diff options
Diffstat (limited to 'source3/libads/dns.c')
-rw-r--r-- | source3/libads/dns.c | 45 |
1 files changed, 37 insertions, 8 deletions
diff --git a/source3/libads/dns.c b/source3/libads/dns.c index 579296ea1f..d5c851d5ca 100644 --- a/source3/libads/dns.c +++ b/source3/libads/dns.c @@ -649,18 +649,20 @@ BOOL stored_sitename_changed(const char *sitename) Query with optional sitename. ********************************************************************/ -NTSTATUS ads_dns_query_dcs_internal(TALLOC_CTX *ctx, - const char *domain, +NTSTATUS ads_dns_query_internal(TALLOC_CTX *ctx, + const char *servicename, + const char *realm, const char *sitename, struct dns_rr_srv **dclist, int *numdcs ) { char *name; if (sitename) { - name = talloc_asprintf(ctx, "_ldap._tcp.%s._sites.dc._msdcs.%s", - sitename, domain ); + name = talloc_asprintf(ctx, "%s._tcp.%s._sites.dc._msdcs.%s", + servicename, sitename, realm ); } else { - name = talloc_asprintf(ctx, "_ldap._tcp.dc._msdcs.%s", domain ); + name = talloc_asprintf(ctx, "%s._tcp.dc._msdcs.%s", + servicename, realm ); } if (!name) { return NT_STATUS_NO_MEMORY; @@ -673,17 +675,44 @@ NTSTATUS ads_dns_query_dcs_internal(TALLOC_CTX *ctx, ********************************************************************/ NTSTATUS ads_dns_query_dcs(TALLOC_CTX *ctx, - const char *domain, + const char *realm, struct dns_rr_srv **dclist, int *numdcs ) { NTSTATUS status; char *sitename = sitename_fetch(); - status = ads_dns_query_dcs_internal(ctx, domain, sitename, dclist, numdcs); + status = ads_dns_query_internal(ctx, "_ldap", realm, sitename, + dclist, numdcs); if (sitename && !NT_STATUS_IS_OK(status)) { /* Sitename DNS query may have failed. Try without. */ - status = ads_dns_query_dcs_internal(ctx, domain, NULL, dclist, numdcs); + status = ads_dns_query_internal(ctx, "_ldap", realm, NULL, + dclist, numdcs); + } + SAFE_FREE(sitename); + return status; +} + +/******************************************************************** + Query for AD KDC's. Transparently use sitename. + Even if our underlying kerberos libraries are UDP only, this + is pretty safe as it's unlikely that a KDC supports TCP and not UDP. +********************************************************************/ + +NTSTATUS ads_dns_query_kdcs(TALLOC_CTX *ctx, + const char *realm, + struct dns_rr_srv **dclist, + int *numdcs ) +{ + NTSTATUS status; + char *sitename = sitename_fetch(); + + status = ads_dns_query_internal(ctx, "_kerberos", realm, sitename, + dclist, numdcs); + if (sitename && !NT_STATUS_IS_OK(status)) { + /* Sitename DNS query may have failed. Try without. */ + status = ads_dns_query_internal(ctx, "_kerberos", realm, NULL, + dclist, numdcs); } SAFE_FREE(sitename); return status; |