summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/Makefile.in4
-rw-r--r--source3/configure.in11
-rw-r--r--source3/include/ads_dns.h54
-rw-r--r--source3/include/includes.h1
-rw-r--r--source3/libads/dns.c353
-rw-r--r--source3/libsmb/namequery.c51
-rw-r--r--source3/utils/net_ads.c6
-rw-r--r--source3/utils/net_lookup.c72
8 files changed, 487 insertions, 65 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 773eb65016..694c4ab375 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -241,14 +241,14 @@ LIBADS_OBJ = libads/ldap.o libads/ldap_printer.o libads/sasl.o \
libads/krb5_setpw.o libads/ldap_user.o \
libads/ads_struct.o libads/kerberos_keytab.o \
libads/disp_sec.o libads/ads_utils.o libads/ldap_utils.o \
- libads/authdata.o
+ libads/authdata.o
LIBADS_SERVER_OBJ = libads/util.o libads/kerberos_verify.o
SECRETS_OBJ = passdb/secrets.o passdb/machine_sid.o
LIBNMB_OBJ = libsmb/unexpected.o libsmb/namecache.o libsmb/nmblib.o \
- libsmb/namequery.o libsmb/conncache.o
+ libsmb/namequery.o libsmb/conncache.o libads/dns.o
LIBSAMBA_OBJ = libsmb/nterr.o libsmb/dcerpc_err.o libsmb/smbdes.o \
libsmb/smbencrypt.o libsmb/ntlm_check.o \
diff --git a/source3/configure.in b/source3/configure.in
index bf6841bdf4..40cf2d4a81 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -3227,17 +3227,6 @@ else
fi
fi
- AC_CHECK_FUNC_EXT(ldap_domain2hostlist,$LDAP_LIBS)
-
- if test x"$ac_cv_func_ext_ldap_domain2hostlist" != x"yes"; then
- if test x"$with_ads_support" = x"yes"; then
- AC_MSG_ERROR(Active Directory support requires ldap_domain2hostlist)
- elif test x"$with_ads_support" = x"auto"; then
- AC_MSG_WARN(Disabling Active Directory support (requires ldap_domain2hostlist))
- with_ads_support=no
- fi
- fi
-
AC_CHECK_FUNC_EXT(ldap_add_result_entry,$LDAP_LIBS)
if test x"$ac_cv_func_ext_ldap_add_result_entry" != x"yes"; then
diff --git a/source3/include/ads_dns.h b/source3/include/ads_dns.h
new file mode 100644
index 0000000000..9b65db0c8e
--- /dev/null
+++ b/source3/include/ads_dns.h
@@ -0,0 +1,54 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Internal DNS query structures
+ * Copyright (C) Gerald Carter 2006.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#ifndef _ADS_DNS_H
+#define _ADS_DNS_H
+
+/* DNS query section in replies */
+
+struct dns_query {
+ const char *hostname;
+ uint16 type;
+ uint16 in_class;
+};
+
+/* DNS RR record in reply */
+
+struct dns_rr {
+ const char *hostname;
+ uint16 type;
+ uint16 in_class;
+ uint32 ttl;
+ uint16 rdatalen;
+ uint8 *rdata;
+};
+
+/* SRV records */
+
+struct dns_rr_srv {
+ const char *hostname;
+ uint16 priority;
+ uint16 weight;
+ uint16 port;
+ struct in_addr ip;
+};
+
+
+#endif /* _ADS_DNS_H */
diff --git a/source3/include/includes.h b/source3/include/includes.h
index 3aec0f602a..998a0715e2 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -903,6 +903,7 @@ extern int errno;
#include "nt_status.h"
#include "ads.h"
+#include "ads_dns.h"
#include "interfaces.h"
#include "trans2.h"
#include "nterr.h"
diff --git a/source3/libads/dns.c b/source3/libads/dns.c
new file mode 100644
index 0000000000..0119ae9130
--- /dev/null
+++ b/source3/libads/dns.c
@@ -0,0 +1,353 @@
+/*
+ Unix SMB/CIFS implementation.
+ DNS utility library
+ Copyright (C) Gerald (Jerry) Carter 2006.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/* AIX resolv.h uses 'class' in struct ns_rr */
+
+#if defined(AIX)
+# if defined(class)
+# undef class
+# endif
+#endif /* AIX */
+
+/* resolver headers */
+
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <resolv.h>
+#include <netdb.h>
+
+#define MAX_DNS_PACKET_SIZE 0xffff
+
+/*********************************************************************
+*********************************************************************/
+
+static BOOL ads_dns_parse_query( TALLOC_CTX *ctx, uint8 *start, uint8 *end,
+ uint8 **ptr, struct dns_query *q )
+{
+ uint8 *p = *ptr;
+ pstring hostname;
+ int namelen;
+
+ ZERO_STRUCTP( q );
+
+ if ( !start || !end || !q || !*ptr)
+ return False;
+
+ /* See RFC 1035 for details. If this fails, then return. */
+
+ namelen = dn_expand( start, end, p, hostname, sizeof(hostname) );
+ if ( namelen < 0 ) {
+ return False;
+ }
+ p += namelen;
+ q->hostname = talloc_strdup( ctx, hostname );
+
+ /* check that we have space remaining */
+
+ if ( PTR_DIFF(p+4, end) > 0 )
+ return False;
+
+ q->type = RSVAL( p, 0 );
+ q->in_class = RSVAL( p, 2 );
+ p += 4;
+
+ *ptr = p;
+
+ return True;
+}
+
+/*********************************************************************
+*********************************************************************/
+
+static BOOL ads_dns_parse_rr( TALLOC_CTX *ctx, uint8 *start, uint8 *end,
+ uint8 **ptr, struct dns_rr *rr )
+{
+ uint8 *p = *ptr;
+ pstring hostname;
+ int namelen;
+
+ if ( !start || !end || !rr || !*ptr)
+ return -1;
+
+ ZERO_STRUCTP( rr );
+ /* pull the name from the answer */
+
+ namelen = dn_expand( start, end, p, hostname, sizeof(hostname) );
+ if ( namelen < 0 ) {
+ return -1;
+ }
+ p += namelen;
+ rr->hostname = talloc_strdup( ctx, hostname );
+
+ /* check that we have space remaining */
+
+ if ( PTR_DIFF(p+10, end) > 0 )
+ return False;
+
+ /* pull some values and then skip onto the string */
+
+ rr->type = RSVAL(p, 0);
+ rr->in_class = RSVAL(p, 2);
+ rr->ttl = RIVAL(p, 4);
+ rr->rdatalen = RSVAL(p, 8);
+
+ p += 10;
+
+ /* sanity check the available space */
+
+ if ( PTR_DIFF(p+rr->rdatalen, end ) > 0 ) {
+ return False;
+
+ }
+
+ /* save a point to the rdata for this section */
+
+ rr->rdata = p;
+ p += rr->rdatalen;
+
+ *ptr = p;
+
+ return True;
+}
+
+/*********************************************************************
+*********************************************************************/
+
+static BOOL ads_dns_parse_rr_srv( TALLOC_CTX *ctx, uint8 *start, uint8 *end,
+ uint8 **ptr, struct dns_rr_srv *srv )
+{
+ struct dns_rr rr;
+ uint8 *p;
+ pstring dcname;
+ int namelen;
+
+ if ( !start || !end || !srv || !*ptr)
+ return -1;
+
+ /* Parse the RR entry. Coming out of the this, ptr is at the beginning
+ of the next record */
+
+ if ( !ads_dns_parse_rr( ctx, start, end, ptr, &rr ) ) {
+ DEBUG(1,("ads_dns_parse_rr_srv: Failed to parse RR record\n"));
+ return False;
+ }
+
+ if ( rr.type != ns_t_srv ) {
+ DEBUG(1,("ads_dns_parse_rr_srv: Bad answer type (%d)\n", rr.type));
+ return False;
+ }
+
+ p = rr.rdata;
+
+ srv->priority = RSVAL(p, 0);
+ srv->weight = RSVAL(p, 2);
+ srv->port = RSVAL(p, 4);
+
+ p += 6;
+
+ namelen = dn_expand( start, end, p, dcname, sizeof(dcname) );
+ if ( namelen < 0 ) {
+ DEBUG(1,("ads_dns_parse_rr_srv: Failed to uncompress name!\n"));
+ return False;
+ }
+ srv->hostname = talloc_strdup( ctx, dcname );
+
+ return True;
+}
+
+
+/*********************************************************************
+ Sort SRV record list based on weight and priority. See RFC 2782.
+*********************************************************************/
+
+static int dnssrvcmp( struct dns_rr_srv *a, struct dns_rr_srv *b )
+{
+ BOOL init = False;
+
+ if ( !init ) {
+ srand( (uint32)time(NULL) );
+ }
+
+ if ( a->priority == b->priority ) {
+
+ /* randomize entries with an equal weight and priority */
+ if ( a->weight == b->weight )
+ return rand() % 2 ? -1 : 1;
+
+ /* higher weights should be sorted lower */
+ if ( a->weight > b->weight )
+ return -1;
+ else
+ return 1;
+ }
+
+ if ( a->priority < b->priority )
+ return -1;
+
+ return 1;
+}
+
+/*********************************************************************
+ Simple wrapper for a DNS SRV query
+*********************************************************************/
+
+NTSTATUS ads_dns_lookup_srv( TALLOC_CTX *ctx, const char *name, struct dns_rr_srv **dclist, int *numdcs )
+{
+ uint8 *buffer = NULL;
+ size_t buf_len;
+ int resp_len = NS_PACKETSZ;
+ struct dns_rr_srv *dcs = NULL;
+ int query_count, answer_count, auth_count, additional_count;
+ uint8 *p = buffer;
+ int rrnum;
+ int idx = 0;
+
+ if ( !ctx || !name || !dclist ) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ /* Send the request. May have to loop several times in case
+ of large replies */
+
+ do {
+ if ( buffer )
+ TALLOC_FREE( buffer );
+
+ buf_len = resp_len * sizeof(uint8);
+
+ if ( (buffer = TALLOC_ARRAY(ctx, uint8, buf_len)) == NULL ) {
+ DEBUG(0,("ads_dns_lookup_srv: talloc() failed!\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if ( (resp_len = res_query(name, ns_c_in, ns_t_srv, buffer, buf_len)) < 0 ) {
+ DEBUG(1,("ads_dns_lookup_srv: Failed to resolve %s (%s)\n", name, strerror(errno)));
+ TALLOC_FREE( buffer );
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ } while ( buf_len < resp_len && resp_len < MAX_DNS_PACKET_SIZE );
+
+ p = buffer;
+
+ /* For some insane reason, the ns_initparse() et. al. routines are only
+ available in libresolv.a, and not the shared lib. Who knows why....
+ So we have to parse the DNS reply ourselves */
+
+ /* Pull the answer RR's count from the header. Use the NMB ordering macros */
+
+ query_count = RSVAL( p, 4 );
+ answer_count = RSVAL( p, 6 );
+ auth_count = RSVAL( p, 8 );
+ additional_count = RSVAL( p, 10 );
+
+ DEBUG(4,("ads_dns_lookup_srv: %d records returned in the answer section.\n",
+ answer_count));
+
+ if ( (dcs = TALLOC_ARRAY(ctx, struct dns_rr_srv, answer_count)) == NULL ) {
+ DEBUG(0,("ads_dns_lookup_srv: talloc() failure for %d char*'s\n",
+ answer_count));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ /* now skip the header */
+
+ p += NS_HFIXEDSZ;
+
+ /* parse the query section */
+
+ for ( rrnum=0; rrnum<query_count; rrnum++ ) {
+ struct dns_query q;
+
+ if ( !ads_dns_parse_query( ctx, buffer, buffer+resp_len, &p, &q ) ) {
+ DEBUG(1,("ads_dns_lookup_srv: Failed to parse query record!\n"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ }
+
+ /* now we are at the answer section */
+
+ for ( rrnum=0; rrnum<answer_count; rrnum++ ) {
+ if ( !ads_dns_parse_rr_srv( ctx, buffer, buffer+resp_len, &p, &dcs[rrnum] ) ) {
+ DEBUG(1,("ads_dns_lookup_srv: Failed to parse answer record!\n"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ }
+ idx = rrnum;
+
+ /* Parse the authority section */
+ /* just skip these for now */
+
+ for ( rrnum=0; rrnum<auth_count; rrnum++ ) {
+ struct dns_rr rr;
+
+ if ( !ads_dns_parse_rr( ctx, buffer, buffer+resp_len, &p, &rr ) ) {
+ DEBUG(1,("ads_dns_lookup_srv: Failed to parse authority record!\n"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ }
+
+ /* Parse the additional records section */
+
+ for ( rrnum=0; rrnum<additional_count; rrnum++ ) {
+ struct dns_rr rr;
+ int i;
+
+ if ( !ads_dns_parse_rr( ctx, buffer, buffer+resp_len, &p, &rr ) ) {
+ DEBUG(1,("ads_dns_lookup_srv: Failed to parse additional records section!\n"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ /* only interested in A records as a shortcut for having to come
+ back later and lookup the name */
+
+ if ( (rr.type != ns_t_a) || (rr.rdatalen != 4) )
+ continue;
+
+ for ( i=0; i<idx; i++ ) {
+ if ( strcmp( rr.hostname, dcs[i].hostname ) == 0 ) {
+ uint8 *buf = (uint8*)&dcs[i].ip.s_addr;
+ memcpy( buf, rr.rdata, 4 );
+ }
+ }
+ }
+
+ qsort( dcs, idx, sizeof(struct dns_rr_srv), QSORT_CAST dnssrvcmp );
+
+ *dclist = dcs;
+ *numdcs = idx;
+
+ return NT_STATUS_OK;
+}
+
+/********************************************************************
+********************************************************************/
+
+NTSTATUS ads_dns_query_dcs( TALLOC_CTX *ctx, const char *domain, struct dns_rr_srv **dclist, int *numdcs )
+{
+ pstring name;
+
+ snprintf( name, sizeof(name), "_ldap._tcp.dc._msdcs.%s", domain );
+
+ return ads_dns_lookup_srv( ctx, name, dclist, numdcs );
+}
+
diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c
index 1d40837f2b..99a2e7ebdb 100644
--- a/source3/libsmb/namequery.c
+++ b/source3/libsmb/namequery.c
@@ -1024,13 +1024,13 @@ static BOOL resolve_hosts(const char *name, int name_type,
static BOOL resolve_ads(const char *name, int name_type,
struct ip_service **return_iplist, int *return_count)
{
-
#ifdef HAVE_ADS
if ( name_type == 0x1c ) {
int count, i = 0;
- char *list = NULL;
- const char *ptr;
- pstring tok;
+ NTSTATUS status;
+ TALLOC_CTX *ctx;
+ struct dns_rr_srv *dcs = NULL;
+ int numdcs = 0;
/* try to lookup the _ldap._tcp.<domain> if we are using ADS */
if ( lp_security() != SEC_ADS )
@@ -1039,25 +1039,31 @@ static BOOL resolve_ads(const char *name, int name_type,
DEBUG(5,("resolve_hosts: Attempting to resolve DC's for %s using DNS\n",
name));
- if (ldap_domain2hostlist(name, &list) != LDAP_SUCCESS)
+ if ( (ctx = talloc_init("resolve_ads")) == NULL ) {
+ DEBUG(0,("resolve_ads: talloc_init() failed!\n"));
return False;
-
- count = count_chars(list, ' ') + 1;
- if ( (*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, count)) == NULL ) {
- DEBUG(0,("resolve_hosts: malloc failed for %d entries\n", count ));
+ }
+
+ status = ads_dns_query_dcs( ctx, name, &dcs, &numdcs );
+ if ( !NT_STATUS_IS_OK( status ) ) {
+ return False;
+ }
+
+ if ( (*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, numdcs)) == NULL ) {
+ DEBUG(0,("resolve_ads: malloc failed for %d entries\n", count ));
return False;
}
- ptr = list;
- while (next_token(&ptr, tok, " ", sizeof(tok))) {
- unsigned port = LDAP_PORT;
- char *p = strchr(tok, ':');
- if (p) {
- *p = 0;
- port = atoi(p+1);
- }
- (*return_iplist)[i].ip = *interpret_addr2(tok);
- (*return_iplist)[i].port = port;
+ i = 0;
+ while ( i < numdcs ) {
+
+ /* use the IP address from the SRV structure if we have one */
+ if ( is_zero_ip( dcs[i].ip ) )
+ (*return_iplist)[i].ip = *interpret_addr2(dcs[i].hostname);
+ else
+ (*return_iplist)[i].ip = dcs[i].ip;
+
+ (*return_iplist)[i].port = dcs[i].port;
/* make sure it is a valid IP. I considered checking the negative
connection cache, but this is the wrong place for it. Maybe only
@@ -1067,11 +1073,12 @@ static BOOL resolve_ads(const char *name, int name_type,
our DNS server doesn't know anything about the DC's -- jerry */
if ( is_zero_ip((*return_iplist)[i].ip) )
- continue;
-
+ continue;
+
i++;
}
- SAFE_FREE(list);
+
+ TALLOC_FREE( dcs );
*return_count = i;
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index cca8dd63d0..8076860569 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -72,8 +72,12 @@ static int net_ads_lookup(int argc, const char **argv)
{
ADS_STRUCT *ads;
ADS_STATUS status;
+ const char *realm = NULL;
- ads = ads_init(NULL, opt_target_workgroup, opt_host);
+ if ( strequal(lp_workgroup(), opt_target_workgroup ) )
+ realm = lp_realm();
+
+ ads = ads_init(realm, opt_target_workgroup, opt_host);
if (ads) {
ads->auth.flags |= ADS_AUTH_NO_BIND;
}
diff --git a/source3/utils/net_lookup.c b/source3/utils/net_lookup.c
index dd2d666d5a..68097aa9f7 100644
--- a/source3/utils/net_lookup.c
+++ b/source3/utils/net_lookup.c
@@ -62,71 +62,85 @@ static int net_lookup_host(int argc, const char **argv)
return 0;
}
-#ifdef HAVE_LDAP
-static void print_ldap_srvlist(char *srvlist)
+#ifdef HAVE_ADS
+static void print_ldap_srvlist(struct dns_rr_srv *dclist, int numdcs )
{
- char *cur, *next;
struct in_addr ip;
- BOOL printit;
-
- cur = srvlist;
- do {
- next = strchr(cur,':');
- if (next) *next++='\0';
- printit = resolve_name(cur, &ip, 0x20);
- cur=next;
- next=cur ? strchr(cur,' ') :NULL;
- if (next)
- *next++='\0';
- if (printit)
- d_printf("%s:%s\n", inet_ntoa(ip), cur?cur:"");
- cur = next;
- } while (next);
+ int i;
+
+ for ( i=0; i<numdcs; i++ ) {
+ if ( resolve_name(dclist[i].hostname, &ip, 0x20) ) {
+ d_printf("%s:%d\n", inet_ntoa(ip), dclist[i].port);
+ }
+ }
}
#endif
static int net_lookup_ldap(int argc, const char **argv)
{
#ifdef HAVE_ADS
- char *srvlist;
const char *domain;
- int rc;
struct in_addr addr;
struct hostent *hostent;
+ struct dns_rr_srv *dcs = NULL;
+ int numdcs = 0;
+ TALLOC_CTX *ctx;
+ NTSTATUS status;
if (argc > 0)
domain = argv[0];
else
domain = opt_target_workgroup;
+ if ( (ctx = talloc_init("net_lookup_ldap")) == NULL ) {
+ d_fprintf(stderr, "net_lookup_ldap: talloc_inti() failed!\n");
+ return -1;
+ }
+
DEBUG(9, ("Lookup up ldap for domain %s\n", domain));
- rc = ldap_domain2hostlist(domain, &srvlist);
- if ((rc == LDAP_SUCCESS) && srvlist) {
- print_ldap_srvlist(srvlist);
+
+ status = ads_dns_query_dcs( ctx, domain, &dcs, &numdcs );
+ if ( NT_STATUS_IS_OK(status) && numdcs ) {
+ print_ldap_srvlist(dcs, numdcs);
+ TALLOC_FREE( ctx );
+
return 0;
}
DEBUG(9, ("Looking up DC for domain %s\n", domain));
- if (!get_pdc_ip(domain, &addr))
+ if (!get_pdc_ip(domain, &addr)) {
+ TALLOC_FREE( ctx );
return -1;
+ }
hostent = gethostbyaddr((char *) &addr.s_addr, sizeof(addr.s_addr),
AF_INET);
- if (!hostent)
+ if (!hostent) {
+ TALLOC_FREE( ctx );
return -1;
+ }
DEBUG(9, ("Found DC with DNS name %s\n", hostent->h_name));
domain = strchr(hostent->h_name, '.');
- if (!domain)
+ if (!domain) {
+ TALLOC_FREE( ctx );
return -1;
+ }
domain++;
DEBUG(9, ("Looking up ldap for domain %s\n", domain));
- rc = ldap_domain2hostlist(domain, &srvlist);
- if ((rc == LDAP_SUCCESS) && srvlist) {
- print_ldap_srvlist(srvlist);
+
+ status = ads_dns_query_dcs( ctx, domain, &dcs, &numdcs );
+ if ( NT_STATUS_IS_OK(status) && numdcs ) {
+ print_ldap_srvlist(dcs, numdcs);
+ TALLOC_FREE( ctx );
+
return 0;
}
+
+ TALLOC_FREE( ctx );
+
+
return -1;
#endif
DEBUG(1,("No ADS support\n"));