From f6c4f25e4319b47ac6c8dbf67a4b1c513148384c Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 12 Dec 2002 23:35:55 +0000 Subject: merge of get_dc_name()-like code from APP_HEAD; better support password server = DC1 * (This used to be commit 6b18ca9511ddcf1718f222af3f61491d1e5f3b60) --- source3/libsmb/namequery_dc.c | 104 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 104 insertions(+) create mode 100644 source3/libsmb/namequery_dc.c (limited to 'source3/libsmb/namequery_dc.c') diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c new file mode 100644 index 0000000000..ffc64139e9 --- /dev/null +++ b/source3/libsmb/namequery_dc.c 
@@ -0,0 +1,104 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Winbind daemon connection manager
+
+ Copyright (C) Tim Potter 2001
+ Copyright (C) Andrew Bartlett 2002
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+
+#include "includes.h"
+
+
+/*
+ find the DC for a domain using methods appropriate for a RPC domain
+*/
+BOOL rpc_find_dc(const char *domain, fstring srv_name, struct in_addr *ip_out)
+{
+ struct in_addr *ip_list = NULL, dc_ip, exclude_ip;
+ int count, i;
+ BOOL list_ordered;
+ BOOL use_pdc_only;
+
+ zero_ip(&exclude_ip);
+
+ use_pdc_only = must_use_pdc(domain);
+
+ /* Lookup domain controller name */
+
+ if ( use_pdc_only && get_pdc_ip(domain, &dc_ip) ) {
+ DEBUG(10,("rpc_find_dc: Atempting to lookup PDC to avoid sam sync delays\n"));
+
+ if (name_status_find(domain, 0x1c, 0x20, dc_ip, srv_name)) {
+ goto done;
+ }
+ /* Didn't get name, remember not to talk to this DC. */
+ exclude_ip = dc_ip;
+ }
+
+ /* get a list of all domain controllers */
+
+ if (!get_dc_list( domain, &ip_list, &count, &list_ordered) ) {
+ DEBUG(3, ("Could not look up dc's for domain %s\n", domain));
+ return False;
+ }
+
+ /* Remove the entry we've already failed with (should be the PDC). */
+
+ if ( use_pdc_only ) {
+ for (i = 0; i < count; i++) {
+ if (ip_equal( exclude_ip, ip_list[i]))
+ zero_ip(&ip_list[i]);
+ }
+ }
+
+ /* Pick a nice close server, but only if the list was not ordered */
+ if (!list_ordered && (count > 1) ) {
+ qsort(ip_list, count, sizeof(struct in_addr), QSORT_CAST ip_compare);
+ }
+
+ for (i = 0; i < count; i++) {
+ if (is_zero_ip(ip_list[i]))
+ continue;
+
+ if (name_status_find(domain, 0x1c, 0x20, ip_list[i], srv_name)) {
+ dc_ip = ip_list[i];
+ goto done;
+ }
+ }
+
+
+ SAFE_FREE(ip_list);
+
+ return False;
+done:
+ /* We have the netbios name and IP address of a domain controller.
+ Ideally we should sent a SAMLOGON request to determine whether
+ the DC is alive and kicking. If we can catch a dead DC before
+ performing a cli_connect() we can avoid a 30-second timeout. */
+
+ DEBUG(3, ("rpc_find_dc: Returning DC %s (%s) for domain %s\n", srv_name,
+ inet_ntoa(dc_ip), domain));
+
+ *ip_out = dc_ip;
+
+ SAFE_FREE(ip_list);
+
+ return True;
+}
+
-- cgit From 0d55e9c536779215a7e49b220041fdacde25d74a Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 6 Jun 2003 14:11:14 +0000 Subject: merge from APP_HEAD. Push negative connection cache into rpc_find_dc(). Should probably be extended some more in 3.0 but this is what we have for the moment. (This used to be commit 0e23abf95cf7ba2d0a314a34bddb4d46de2a3cd1)
--- source3/libsmb/namequery_dc.c | 155 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 148 insertions(+), 7 deletions(-) (limited to 'source3/libsmb/namequery_dc.c')
diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c
index ffc64139e9..e98b728963 100644
--- a/source3/libsmb/namequery_dc.c
+++ b/source3/libsmb/namequery_dc.c
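Review bot: The header comment on `rpc_find_dc` does not state the out-parameter contract or how far the result can be trusted. As written, `srv_name` and `*ip_out` are only meaningful when the function returns True, and the name comes from `name_status_find` with the 0x1c/0x20 name types, i.e. from a NetBIOS node status reply that is not authenticated. I would extend the comment to something like `Returns True and fills srv_name/ip_out on success; the name comes from an unauthenticated node status reply, so callers must still authenticate the DC`. The debug string `Atempting` also has a typo.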
@@ -25,15 +25,149 @@ #include "includes.h" -/* - find the DC for a domain using methods appropriate for a RPC domain -*/ +#define FAILED_CONNECTION_CACHE_TIMEOUT 30 /* Seconds between attempts */ + +struct failed_connection_cache { + fstring domain_name; + fstring controller; + time_t lookup_time; + NTSTATUS nt_status; + struct failed_connection_cache *prev, *next; +}; + +static struct failed_connection_cache *failed_connection_cache; + +/********************************************************************** + Check for a previously failed connection +**********************************************************************/ + +static NTSTATUS check_negative_conn_cache( const char *domain, const char *server ) +{ + struct failed_connection_cache *fcc; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + + /* can't check if we don't have strings */ + + if ( !domain || !server ) + return NT_STATUS_OK; + + for (fcc = failed_connection_cache; fcc; fcc = fcc->next) { + + /* + * we have a match IFF the domain and server name matches + * (a) the domain matches, + * (b) the IP address matches (if we have one) + * (c) the server name (if specified) matches + */ + + if ( !strequal(domain, fcc->domain_name) || !strequal(server, fcc->controller) ) + continue; /* no match; check the next entry */ + + /* we have a match so see if it is still current */ + + if ((time(NULL) - fcc->lookup_time) > FAILED_CONNECTION_CACHE_TIMEOUT) + { + /* Cache entry has expired, delete it */ + + DEBUG(10, ("check_negative_conn_cache: cache entry expired for %s, %s\n", + domain, server )); + + DLIST_REMOVE(failed_connection_cache, fcc); + SAFE_FREE(fcc); + + return NT_STATUS_OK; + } + + /* The timeout hasn't expired yet so return false */ + + DEBUG(10, ("check_negative_conn_cache: returning negative entry for %s, %s\n", + domain, server )); + + result = fcc->nt_status; + return result; + } + + /* end of function means no cache entry */ + return NT_STATUS_OK; +} + 
+/********************************************************************** + Add an entry to the failed conneciton cache +**********************************************************************/ + +void add_failed_connection_entry(const char *domain, const char *server, NTSTATUS result) +{ + struct failed_connection_cache *fcc; + + SMB_ASSERT(!NT_STATUS_IS_OK(result)); + + /* Check we already aren't in the cache. We always have to have + a domain, but maybe not a specific DC name. */ + + for (fcc = failed_connection_cache; fcc; fcc = fcc->next) { + if ( strequal(fcc->domain_name, domain) && strequal(fcc->controller, server) ) + { + DEBUG(10, ("add_failed_connection_entry: domain %s (%s) already tried and failed\n", + domain, server )); + return; + } + } + + /* Create negative lookup cache entry for this domain and controller */ + + if ( !(fcc = (struct failed_connection_cache *)malloc(sizeof(struct failed_connection_cache))) ) + { + DEBUG(0, ("malloc failed in add_failed_connection_entry!\n")); + return; + } + + ZERO_STRUCTP(fcc); + + fstrcpy( fcc->domain_name, domain ); + fstrcpy( fcc->controller, server ); + fcc->lookup_time = time(NULL); + fcc->nt_status = result; + + DEBUG(10,("add_failed_connection_entry: added domain %s (%s) to failed conn cache\n", + domain, server )); + + DLIST_ADD(failed_connection_cache, fcc); +} + +/**************************************************************************** +****************************************************************************/ + +void flush_negative_conn_cache( void ) +{ + struct failed_connection_cache *fcc; + + fcc = failed_connection_cache; + + while (fcc) { + struct failed_connection_cache *fcc_next; + + fcc_next = fcc->next; + DLIST_REMOVE(failed_connection_cache, fcc); + free(fcc); + + fcc = fcc_next; + } + +} + +/**************************************************************************** + Utility function to return the name of a DC using RPC. 
The name is + guaranteed to be valid since we have already done a name_status_find on it + and we have checked our negative connection cache + ***************************************************************************/ + BOOL rpc_find_dc(const char *domain, fstring srv_name, struct in_addr *ip_out) { struct in_addr *ip_list = NULL, dc_ip, exclude_ip; int count, i; BOOL list_ordered; BOOL use_pdc_only; + NTSTATUS result; zero_ip(&exclude_ip); @@ -41,11 +175,15 @@ BOOL rpc_find_dc(const char *domain, fstring srv_name, struct in_addr *ip_out) /* Lookup domain controller name */ - if ( use_pdc_only && get_pdc_ip(domain, &dc_ip) ) { + if ( use_pdc_only && get_pdc_ip(domain, &dc_ip) ) + { DEBUG(10,("rpc_find_dc: Atempting to lookup PDC to avoid sam sync delays\n")); if (name_status_find(domain, 0x1c, 0x20, dc_ip, srv_name)) { - goto done; + /* makre we we haven't tried this on previously and failed */ + result = check_negative_conn_cache( domain, srv_name ); + if ( NT_STATUS_IS_OK(result) ) + goto done; } /* Didn't get name, remember not to talk to this DC. */ exclude_ip = dc_ip; @@ -77,8 +215,11 @@ BOOL rpc_find_dc(const char *domain, fstring srv_name, struct in_addr *ip_out) continue; if (name_status_find(domain, 0x1c, 0x20, ip_list[i], srv_name)) { - dc_ip = ip_list[i]; - goto done; + result = check_negative_conn_cache( domain, srv_name ); + if ( NT_STATUS_IS_OK(result) ) { + dc_ip = ip_list[i]; + goto done; + } } } -- cgit From 292a51eda152f5e1885f38f3a811e956560f33f0 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 13 Jun 2003 21:03:15 +0000 Subject: Forward port the app-head changes for dc name cache into 3.0. Jeremy. (This used to be commit 8bcc3116a22ce11b55a35f3363230f54bc5735fc) --- source3/libsmb/namequery_dc.c | 95 +++++++++++++++++++++++++++++++++++-------- 1 file changed, 78 insertions(+), 17 deletions(-) (limited to 'source3/libsmb/namequery_dc.c') 
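Review bot: `add_failed_connection_entry` passes `server` straight to `strequal` and `fstrcpy` although its own comment says a specific DC name may be absent, while `check_negative_conn_cache` guards both strings with `if ( !domain || !server )`. Adding the same guard at the top, `if ( !domain || !server ) return;`, keeps the two functions consistent. Entries are also only freed when the same domain/server pair is checked again after the timeout or when `flush_negative_conn_cache` runs, so the list has no upper bound; callers are outside this hunk, so I cannot tell how many distinct names can reach it, but a cap or a periodic sweep is worth considering. The match comment in `check_negative_conn_cache` lists an IP-address condition (b) that the code does not implement.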
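Review bot: When `check_negative_conn_cache` rejects a controller, `srv_name` has presumably already been overwritten by `name_status_find` (it is the output buffer), so a later `return False` can leave the name of a rejected DC in the caller's buffer. This applies to the PDC branch here and to the list loop in the `@@ -77,8 +215,11 @@` hunk. Clearing it on the failure path, e.g. `srv_name[0] = '\0';` before `return False;`, keeps a caller that ignores the return value from using a known-bad server. The failure return is outside both hunks, and the new comment `makre we we haven't tried this on previously` has typos.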
diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index e98b728963..c162e34027 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c @@ -156,12 +156,11 @@ void flush_negative_conn_cache( void ) } /**************************************************************************** - Utility function to return the name of a DC using RPC. The name is - guaranteed to be valid since we have already done a name_status_find on it - and we have checked our negative connection cache + Utility function to return the name of a DC. The name is guaranteed to be + valid since we have already done a name_status_find on it ***************************************************************************/ - -BOOL rpc_find_dc(const char *domain, fstring srv_name, struct in_addr *ip_out) + +BOOL get_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out) { struct in_addr *ip_list = NULL, dc_ip, exclude_ip; int count, i; @@ -177,10 +176,12 @@ BOOL rpc_find_dc(const char *domain, fstring srv_name, struct in_addr *ip_out) if ( use_pdc_only && get_pdc_ip(domain, &dc_ip) ) { - DEBUG(10,("rpc_find_dc: Atempting to lookup PDC to avoid sam sync delays\n")); + DEBUG(10,("get_dc_name: Atempting to lookup PDC to avoid sam sync delays\n")); - if (name_status_find(domain, 0x1c, 0x20, dc_ip, srv_name)) { - /* makre we we haven't tried this on previously and failed */ + /* check the connection cache and perform the node status + lookup only if the IP is not found to be bad */ + + if (name_status_find(domain, 0x1c, 0x20, dc_ip, srv_name) ) { result = check_negative_conn_cache( domain, srv_name ); if ( NT_STATUS_IS_OK(result) ) goto done; 
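Review bot: The new comment `check the connection cache and perform the node status lookup only if the IP is not found to be bad` describes the opposite order from the code: `name_status_find` runs first and `check_negative_conn_cache` is consulted afterwards, keyed on the returned name rather than the IP. Either reword it, e.g. `/* do the node status lookup, then skip the DC if its name is in the negative connection cache */`, or move the cache check in front of the lookup. The header comment in the `@@ -156,12 +156,11 @@` hunk likewise drops the mention of the negative cache although the check is still made.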
@@ -205,11 +206,71 @@ BOOL rpc_find_dc(const char *domain, fstring srv_name, struct in_addr *ip_out) } } - /* Pick a nice close server, but only if the list was not ordered */ - if (!list_ordered && (count > 1) ) { - qsort(ip_list, count, sizeof(struct in_addr), QSORT_CAST ip_compare); + if ( !list_ordered ) + { + /* + * Pick a nice close server. Look for DC on local net + * (assuming we don't have a list of preferred DC's) + */ + + for (i = 0; i < count; i++) { + if (is_zero_ip(ip_list[i])) + continue; + + if ( !is_local_net(ip_list[i]) ) + continue; + + if (name_status_find(domain, 0x1c, 0x20, ip_list[i], srv_name)) { + result = check_negative_conn_cache( domain, srv_name ); + if ( NT_STATUS_IS_OK(result) ) { + dc_ip = ip_list[i]; + goto done; + } + } + + zero_ip(&ip_list[i]); + } + + /* + * Try looking in the name status cache for an + * entry we already have. We know that already + * resolved ok. + */ + + for (i = 0; i < count; i++) { + if (is_zero_ip(ip_list[i])) + continue; + + if (namecache_status_fetch(domain, 0x1c, 0x20, + ip_list[i], srv_name)) { + result = check_negative_conn_cache( domain, srv_name ); + if ( NT_STATUS_IS_OK(result) ) { + dc_ip = ip_list[i]; + goto done; + } + } + } + + /* + * Secondly try and contact a random PDC/BDC. + */ + + i = (sys_random() % count); + + if ( !is_zero_ip(ip_list[i]) ) { + if ( name_status_find(domain, 0x1c, 0x20, ip_list[i], srv_name)) { + result = check_negative_conn_cache( domain, srv_name ); + if ( NT_STATUS_IS_OK(result) ) { + dc_ip = ip_list[i]; + goto done; + } + } + zero_ip(&ip_list[i]); /* Tried and failed. */ + } } + /* Finally return first DC that we can contact */ + for (i = 0; i < count; i++) { if (is_zero_ip(ip_list[i])) continue; 
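Review bot: `i = (sys_random() % count);` divides by `count` without checking it, so if `get_dc_list` can succeed with an empty list this is a division by zero in the `!list_ordered` branch. If `sys_random()` can return a negative value the remainder is negative as well and `ip_list[i]` is read out of bounds; its return type is not visible here. Guarding the block with `if ( count > 0 )` and reducing an unsigned value, `i = (int)((unsigned long)sys_random() % (unsigned long)count);`, covers both cases. The enclosing function starts and ends outside this hunk.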
@@ -220,20 +281,21 @@ BOOL rpc_find_dc(const char *domain, fstring srv_name, struct in_addr *ip_out) dc_ip = ip_list[i]; goto done; } - } + } } - SAFE_FREE(ip_list); - return False; -done: + /* No-one to talk to )-: */ + return False; /* Boo-hoo */ + + done: /* We have the netbios name and IP address of a domain controller. Ideally we should sent a SAMLOGON request to determine whether the DC is alive and kicking. If we can catch a dead DC before performing a cli_connect() we can avoid a 30-second timeout. */ - DEBUG(3, ("rpc_find_dc: Returning DC %s (%s) for domain %s\n", srv_name, + DEBUG(3, ("get_dc_name: Returning DC %s (%s) for domain %s\n", srv_name, inet_ntoa(dc_ip), domain)); *ip_out = dc_ip; @@ -242,4 +304,3 @@ done: return True; } - -- cgit From f36c96d59c79a51610bb5a1fc42ac62bd8d08401 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Mon, 23 Jun 2003 19:05:23 +0000 Subject: * s/get_dc_name/rpc_dc_name/g (revert a previous change) * move back to qsort() for sorting IP address in get_dc_list() * remove dc_name_cache in cm_get_dc_name() since it slowed things down more than it helped. I've made a note of where to add in the negative connection cache in the ads code. Will come back to that. * fix rpcclient to use PRINTER_ALL_ACCESS for set printer (instead of MAX_ALLOWED) * only enumerate domain local groups in our domain * simplify ldap search for seqnum in winbindd's rpc backend (This used to be commit f8cab8635b02b205b4031279cedd804c1fb22c5b) --- source3/libsmb/namequery_dc.c | 76 +++++-------------------------------------- 1 file changed, 9 insertions(+), 67 deletions(-) (limited to 'source3/libsmb/namequery_dc.c') diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index c162e34027..ac1f9a54de 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c 
@@ -160,7 +160,7 @@ void flush_negative_conn_cache( void ) valid since we have already done a name_status_find on it ***************************************************************************/ -BOOL get_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out) +BOOL rpc_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out) { struct in_addr *ip_list = NULL, dc_ip, exclude_ip; int count, i; @@ -176,7 +176,7 @@ BOOL get_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out) if ( use_pdc_only && get_pdc_ip(domain, &dc_ip) ) { - DEBUG(10,("get_dc_name: Atempting to lookup PDC to avoid sam sync delays\n")); + DEBUG(10,("rpc_dc_name: Atempting to lookup PDC to avoid sam sync delays\n")); /* check the connection cache and perform the node status lookup only if the IP is not found to be bad */ 
@@ -206,71 +206,12 @@ BOOL get_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out) } } - if ( !list_ordered ) - { - /* - * Pick a nice close server. Look for DC on local net - * (assuming we don't have a list of preferred DC's) - */ - - for (i = 0; i < count; i++) { - if (is_zero_ip(ip_list[i])) - continue; - - if ( !is_local_net(ip_list[i]) ) - continue; - - if (name_status_find(domain, 0x1c, 0x20, ip_list[i], srv_name)) { - result = check_negative_conn_cache( domain, srv_name ); - if ( NT_STATUS_IS_OK(result) ) { - dc_ip = ip_list[i]; - goto done; - } - } - - zero_ip(&ip_list[i]); - } - - /* - * Try looking in the name status cache for an - * entry we already have. We know that already - * resolved ok. - */ - - for (i = 0; i < count; i++) { - if (is_zero_ip(ip_list[i])) - continue; - - if (namecache_status_fetch(domain, 0x1c, 0x20, - ip_list[i], srv_name)) { - result = check_negative_conn_cache( domain, srv_name ); - if ( NT_STATUS_IS_OK(result) ) { - dc_ip = ip_list[i]; - goto done; - } - } - } - - /* - * Secondly try and contact a random PDC/BDC. - */ - - i = (sys_random() % count); - - if ( !is_zero_ip(ip_list[i]) ) { - if ( name_status_find(domain, 0x1c, 0x20, ip_list[i], srv_name)) { - result = check_negative_conn_cache( domain, srv_name ); - if ( NT_STATUS_IS_OK(result) ) { - dc_ip = ip_list[i]; - goto done; - } - } - zero_ip(&ip_list[i]); /* Tried and failed. */ - } + /* Pick a nice close server, but only if the list was not ordered */ + + if (!list_ordered && (count > 1) ) { + qsort(ip_list, count, sizeof(struct in_addr), QSORT_CAST ip_compare); } - /* Finally return first DC that we can contact */ - for (i = 0; i < count; i++) { if (is_zero_ip(ip_list[i])) continue; @@ -281,8 +222,9 @@ BOOL get_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out) dc_ip = ip_list[i]; goto done; } - } + } } + SAFE_FREE(ip_list); 
@@ -295,7 +237,7 @@ BOOL get_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out) the DC is alive and kicking. If we can catch a dead DC before performing a cli_connect() we can avoid a 30-second timeout. */ - DEBUG(3, ("get_dc_name: Returning DC %s (%s) for domain %s\n", srv_name, + DEBUG(3, ("rpc_dc_name: Returning DC %s (%s) for domain %s\n", srv_name, inet_ntoa(dc_ip), domain)); *ip_out = dc_ip; -- cgit From f51d769dd303027a3dbf46fc89a482933988e866 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 25 Jun 2003 17:41:05 +0000 Subject: large change: *) consolidates the dc location routines again (dns and netbios) get_dc_list() or get_sorted_dc_list() is the authoritative means of locating DC's again. (also inludes a flag to get_dc_list() to define if this should be a DNS only lookup or not) (however, if you set "name resolve order = hosts wins" you could still get DNS queries for domain name IFF ldap_domain2hostlist() fails. The answer? Fix your DNS setup) *) enabled DOMAIN<0x1c> lookups to be funneled through resolve_hosts resulting in a call to ldap_domain2hostlist() if lp_security() == SEC_ADS *) enables name cache for winbind ADS backend *) enable the negative connection cache for winbind ADS backend *) removes some old dead code *) consolidates some duplicate code *) moves the internal_name_resolve() to use an IP/port pair to deal with SRV RR dns replies. The namecache code also supports the IP:port syntax now as well. *) removes 'ads server' and moves the functionality back into 'password server' (which can support "hostname:port" syntax now but works fine with defaults depending on the value of lp_security()) (This used to be commit d7f7fcda425bef380441509734eca33da943c091) --- source3/libsmb/namequery_dc.c | 155 +++--------------------------------------- 1 file changed, 9 insertions(+), 146 deletions(-) (limited to 'source3/libsmb/namequery_dc.c') 
diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index ac1f9a54de..fc383d9a6b 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c 
@@ -24,137 +24,6 @@ #include "includes.h" - -#define FAILED_CONNECTION_CACHE_TIMEOUT 30 /* Seconds between attempts */ - -struct failed_connection_cache { - fstring domain_name; - fstring controller; - time_t lookup_time; - NTSTATUS nt_status; - struct failed_connection_cache *prev, *next; -}; - -static struct failed_connection_cache *failed_connection_cache; - -/********************************************************************** - Check for a previously failed connection -**********************************************************************/ - -static NTSTATUS check_negative_conn_cache( const char *domain, const char *server ) -{ - struct failed_connection_cache *fcc; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - /* can't check if we don't have strings */ - - if ( !domain || !server ) - return NT_STATUS_OK; - - for (fcc = failed_connection_cache; fcc; fcc = fcc->next) { - - /* - * we have a match IFF the domain and server name matches - * (a) the domain matches, - * (b) the IP address matches (if we have one) - * (c) the server name (if specified) matches - */ - - if ( !strequal(domain, fcc->domain_name) || !strequal(server, fcc->controller) ) - continue; /* no match; check the next entry */ - - /* we have a match so see if it is still current */ - - if ((time(NULL) - fcc->lookup_time) > FAILED_CONNECTION_CACHE_TIMEOUT) - { - /* Cache entry has expired, delete it */ - - DEBUG(10, ("check_negative_conn_cache: cache entry expired for %s, %s\n", - domain, server )); - - DLIST_REMOVE(failed_connection_cache, fcc); - SAFE_FREE(fcc); - - return NT_STATUS_OK; - } - - /* The timeout hasn't expired yet so return false */ - - DEBUG(10, ("check_negative_conn_cache: returning negative entry for %s, %s\n", - domain, server )); - - result = fcc->nt_status; - return result; - } - - /* end of function means no cache entry */ - return NT_STATUS_OK; -} - -/********************************************************************** - Add an entry to the failed conneciton cache 
-**********************************************************************/ - -void add_failed_connection_entry(const char *domain, const char *server, NTSTATUS result) -{ - struct failed_connection_cache *fcc; - - SMB_ASSERT(!NT_STATUS_IS_OK(result)); - - /* Check we already aren't in the cache. We always have to have - a domain, but maybe not a specific DC name. */ - - for (fcc = failed_connection_cache; fcc; fcc = fcc->next) { - if ( strequal(fcc->domain_name, domain) && strequal(fcc->controller, server) ) - { - DEBUG(10, ("add_failed_connection_entry: domain %s (%s) already tried and failed\n", - domain, server )); - return; - } - } - - /* Create negative lookup cache entry for this domain and controller */ - - if ( !(fcc = (struct failed_connection_cache *)malloc(sizeof(struct failed_connection_cache))) ) - { - DEBUG(0, ("malloc failed in add_failed_connection_entry!\n")); - return; - } - - ZERO_STRUCTP(fcc); - - fstrcpy( fcc->domain_name, domain ); - fstrcpy( fcc->controller, server ); - fcc->lookup_time = time(NULL); - fcc->nt_status = result; - - DEBUG(10,("add_failed_connection_entry: added domain %s (%s) to failed conn cache\n", - domain, server )); - - DLIST_ADD(failed_connection_cache, fcc); -} - -/**************************************************************************** -****************************************************************************/ - -void flush_negative_conn_cache( void ) -{ - struct failed_connection_cache *fcc; - - fcc = failed_connection_cache; - - while (fcc) { - struct failed_connection_cache *fcc_next; - - fcc_next = fcc->next; - DLIST_REMOVE(failed_connection_cache, fcc); - free(fcc); - - fcc = fcc_next; - } - -} - /**************************************************************************** Utility function to return the name of a DC. The name is guaranteed to be valid since we have already done a name_status_find on it 
@@ -162,9 +31,9 @@ void flush_negative_conn_cache( void ) BOOL rpc_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out) { - struct in_addr *ip_list = NULL, dc_ip, exclude_ip; + struct ip_service *ip_list = NULL; + struct in_addr dc_ip, exclude_ip; int count, i; - BOOL list_ordered; BOOL use_pdc_only; NTSTATUS result; @@ -181,7 +50,7 @@ BOOL rpc_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out) /* check the connection cache and perform the node status lookup only if the IP is not found to be bad */ - if (name_status_find(domain, 0x1c, 0x20, dc_ip, srv_name) ) { + if (name_status_find(domain, 0x1b, 0x20, dc_ip, srv_name) ) { result = check_negative_conn_cache( domain, srv_name ); if ( NT_STATUS_IS_OK(result) ) goto done; @@ -192,7 +61,7 @@ BOOL rpc_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out) /* get a list of all domain controllers */ - if (!get_dc_list( domain, &ip_list, &count, &list_ordered) ) { + if ( !get_sorted_dc_list(domain, &ip_list, &count, False) ) { DEBUG(3, ("Could not look up dc's for domain %s\n", domain)); return False; } @@ -201,25 +70,19 @@ BOOL rpc_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out) if ( use_pdc_only ) { for (i = 0; i < count; i++) { - if (ip_equal( exclude_ip, ip_list[i])) - zero_ip(&ip_list[i]); + if (ip_equal( exclude_ip, ip_list[i].ip)) + zero_ip(&ip_list[i].ip); } } - /* Pick a nice close server, but only if the list was not ordered */ - - if (!list_ordered && (count > 1) ) { - qsort(ip_list, count, sizeof(struct in_addr), QSORT_CAST ip_compare); - } - for (i = 0; i < count; i++) { - if (is_zero_ip(ip_list[i])) + if (is_zero_ip(ip_list[i].ip)) continue; - if (name_status_find(domain, 0x1c, 0x20, ip_list[i], srv_name)) { + if (name_status_find(domain, 0x1c, 0x20, ip_list[i].ip, srv_name)) { result = check_negative_conn_cache( domain, srv_name ); if ( NT_STATUS_IS_OK(result) ) { - dc_ip = ip_list[i]; + dc_ip = ip_list[i].ip; goto done; } } -- cgit 
From e359dbcedb53b03df79140c30ecfdfdbcb904595 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Mon, 30 Jun 2003 20:45:14 +0000 Subject: * cleanup more DC name resolution issues in check_*domain_security() * is_trusted_domain() is broken without winbind. Still working on this. * get_global_sam_name() should return the workgroup name unless we are a standalone server (verified by volker) * Get_Pwnam() should always fall back to the username (minus domain name) even if it is not our workgroup so that TRUSTEDOMAIN\user can logon if 'user' exists in the local list of accounts (on domain members w/o winbind) Tested using Samba PDC with trusts (running winbindd) and a Samba 3.0 domain member not running winbindd. notes: make_user_info_map() is slightly broken now due to the fact that is_trusted_domain() only works with winbindd. disabled checks temporarily until I can sort this out. (This used to be commit e1d6094d066d4c16ab73075caba40a1ae6c56b1e) --- source3/libsmb/namequery_dc.c | 71 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 70 insertions(+), 1 deletion(-) (limited to 'source3/libsmb/namequery_dc.c') diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index fc383d9a6b..8bfb00b9ad 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c @@ -5,6 +5,7 @@ Copyright (C) Tim Potter 2001 Copyright (C) Andrew Bartlett 2002 + Copyright (C) Gerald Carter 2003 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -24,12 +25,54 @@ #include "includes.h" +/************************************************************************** + Find the name and IP address for a server in he realm/domain + *************************************************************************/ + +static BOOL ads_dc_name(const char *domain, struct in_addr *dc_ip, fstring srv_name) +{ + ADS_STRUCT *ads; + const char *realm = domain; + + if (strcasecmp(realm, lp_workgroup()) == 0) + realm = lp_realm(); + + ads = ads_init(realm, domain, NULL); + if (!ads) + return False; + + /* we don't need to bind, just connect */ + ads->auth.flags |= ADS_AUTH_NO_BIND; + + DEBUG(4,("ads_dc_name: domain=%s\n", domain)); + +#ifdef HAVE_ADS + /* a full ads_connect() is actually overkill, as we don't srictly need + to do the SASL auth in order to get the info we need, but libads + doesn't offer a better way right now */ + ads_connect(ads); +#endif + + if (!ads->config.realm) + return False; + + fstrcpy(srv_name, ads->config.ldap_server_name); + strupper(srv_name); + *dc_ip = ads->ldap_ip; + ads_destroy(&ads); + + DEBUG(4,("ads_dc_name: using server='%s' IP=%s\n", + srv_name, inet_ntoa(*dc_ip))); + + return True; +} + /**************************************************************************** Utility function to return the name of a DC. The name is guaranteed to be valid since we have already done a name_status_find on it ***************************************************************************/ -BOOL rpc_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out) +static BOOL rpc_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out) { struct ip_service *ip_list = NULL; struct in_addr dc_ip, exclude_ip; 
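Review bot: `ads_dc_name` ignores the return value of `ads_connect(ads)` and infers success from `ads->config.realm` alone, then copies `ads->config.ldap_server_name` with `fstrcpy` without checking it. Whether `ads_init` pre-fills `config.realm` is not visible here, but if it does, a failed connect would pass the check with a NULL server name and an unset `ldap_ip`. Checking the status and the fields actually used, `if (!ADS_ERR_OK(status) || !ads->config.ldap_server_name)`, makes the failure path explicit. The `return False` after the realm check also skips `ads_destroy(&ads)`, and because the connect is made with `ADS_AUTH_NO_BIND` the returned name and address are not authenticated by this function, which the header comment should say.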
@@ -109,3 +152,29 @@ BOOL rpc_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out) return True; } + +/********************************************************************** + wrapper around ads and rpc methods of finds DC's +**********************************************************************/ + +BOOL get_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out) +{ + struct in_addr dc_ip; + BOOL ret; + + zero_ip(&dc_ip); + + ret = False; + if (lp_security() == SEC_ADS) + ret = ads_dc_name(domain, &dc_ip, srv_name); + + if (!ret) { + /* fall back on rpc methods if the ADS methods fail */ + ret = rpc_dc_name(domain, srv_name, &dc_ip); + } + + *ip_out = dc_ip; + + return ret; +} + -- cgit From ce72beb2b558d86fb49063c6b1fa00e07952ce56 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 3 Jul 2003 19:11:31 +0000 Subject: Removed strupper/strlower macros that automatically map to strupper_m/strlower_m. I really want people to think about when they're using multibyte strings. Jeremy. (This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959) --- source3/libsmb/namequery_dc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libsmb/namequery_dc.c') diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index 8bfb00b9ad..c9d45a7acc 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c @@ -57,7 +57,7 @@ static BOOL ads_dc_name(const char *domain, struct in_addr *dc_ip, fstring srv_n return False; fstrcpy(srv_name, ads->config.ldap_server_name); - strupper(srv_name); + strupper_m(srv_name); *dc_ip = ads->ldap_ip; ads_destroy(&ads); -- cgit From 4b5257b5b09d2490b2f4dc48e2181fde2a67cb5f Mon Sep 17 00:00:00 2001 
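Review bot: When `ads_dc_name` fails, `get_dc_name` drops to `rpc_dc_name` without logging, so on a `SEC_ADS` member nothing records that DC discovery moved from the ADS lookup to NetBIOS name status queries. A line such as `DEBUG(3, ("get_dc_name: using RPC methods to find a DC for %s\n", domain));` inside `if (!ret)` makes that visible to whoever reads the logs. `*ip_out` is assigned on failure too (the zeroed address), which deserves a sentence in the header comment.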
From: Gerald Carter Date: Fri, 8 Aug 2003 23:53:13 +0000 Subject: fix 2 bugs: 1) don't ask trusted DC's for a list of trusted domains. This causes us to treat non-transitive ones as if they were transitive. Not needed anyways 2) Fix dc lookup bug where we would always try to use DNS to resolve the DC's for a domain (even if it was a trusted NT4 domain). (This used to be commit 4d3acce5066d3adf53ee8fbaa627c42523b3cbc3) --- source3/libsmb/namequery_dc.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) (limited to 'source3/libsmb/namequery_dc.c') diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index c9d45a7acc..a596f00ddb 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c @@ -161,18 +161,28 @@ BOOL get_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out) { struct in_addr dc_ip; BOOL ret; + BOOL our_domain = False; zero_ip(&dc_ip); ret = False; - if (lp_security() == SEC_ADS) + + if ( strequal(lp_workgroup(), domain) || strequal(lp_realm(), domain) ) + our_domain = True; + + /* always try to obey what the admin specified in smb.conf. + If it is not our domain, assume that domain names with periods + in them are realm names */ + + if ( (our_domain && lp_security()==SEC_ADS) || strchr_m(domain, '.') ) { ret = ads_dc_name(domain, &dc_ip, srv_name); - + } + if (!ret) { /* fall back on rpc methods if the ADS methods fail */ ret = rpc_dc_name(domain, srv_name, &dc_ip); } - + *ip_out = dc_ip; return ret; -- cgit From bb0598faf58679a7ad26a1caab8eadb154a07ae2 Mon Sep 17 00:00:00 2001 
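Review bot: The `|| strchr_m(domain, '.')` arm sends any domain name containing a period to `ads_dc_name` regardless of `lp_security()`, which sits oddly under a comment that says to obey what the admin specified in smb.conf. NetBIOS domain names may legally contain periods, so the heuristic can misclassify them; where `domain` originates is not visible in this hunk. I would at least document the heuristic and its failure mode next to the condition, e.g. `/* heuristic: a '.' is taken to mean a DNS realm; a dotted NetBIOS name tries ADS first and then falls back to RPC */`.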
From: Jeremy Allison Date: Wed, 22 Oct 2003 23:38:20 +0000 Subject: Put strcasecmp/strncasecmp on the banned list (except for needed calls in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at all and I really want to discourage that. Jeremy. (This used to be commit d7e35dfb9283d560d0ed2ab231f36ed92767dace) --- source3/libsmb/namequery_dc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libsmb/namequery_dc.c') diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index a596f00ddb..df7f856cd7 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c @@ -34,7 +34,7 @@ static BOOL ads_dc_name(const char *domain, struct in_addr *dc_ip, fstring srv_n ADS_STRUCT *ads; const char *realm = domain; - if (strcasecmp(realm, lp_workgroup()) == 0) + if (strequal(realm, lp_workgroup())) realm = lp_realm(); ads = ads_init(realm, domain, NULL); -- cgit From a7f8c26d24b78dc6a0f829cf7b53112e5ddbdeda Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 5 Jan 2004 04:10:28 +0000 Subject: Change our Domain controller lookup routines to more carefully seperate DNS names (realms) from NetBIOS domain names. Until now, we would experience delays as we broadcast lookups for DNS names onto the local network segments. Now if DNS comes back negative, we fall straight back to looking up the short name. Andrew Bartlett (This used to be commit 32397c8b01f1dec7b05140d210bb32f836a80ca6) --- source3/libsmb/namequery_dc.c | 27 +++++++++++---------------- 1 file changed, 11 insertions(+), 16 deletions(-) (limited to 'source3/libsmb/namequery_dc.c') diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index df7f856cd7..31d759e0d2 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c 
@@ -29,27 +29,23 @@ Find the name and IP address for a server in he realm/domain *************************************************************************/ -static BOOL ads_dc_name(const char *domain, struct in_addr *dc_ip, fstring srv_name) +static BOOL ads_dc_name(const char *domain, const char *realm, struct in_addr *dc_ip, fstring srv_name) { ADS_STRUCT *ads; - const char *realm = domain; - if (strequal(realm, lp_workgroup())) + if (!realm && strequal(domain, lp_workgroup())) realm = lp_realm(); ads = ads_init(realm, domain, NULL); if (!ads) return False; - /* we don't need to bind, just connect */ - ads->auth.flags |= ADS_AUTH_NO_BIND; - DEBUG(4,("ads_dc_name: domain=%s\n", domain)); #ifdef HAVE_ADS - /* a full ads_connect() is actually overkill, as we don't srictly need - to do the SASL auth in order to get the info we need, but libads - doesn't offer a better way right now */ + /* we don't need to bind, just connect */ + ads->auth.flags |= ADS_AUTH_NO_BIND; + ads_connect(ads); #endif @@ -157,7 +153,7 @@ static BOOL rpc_dc_name(const char *domain, fstring srv_name, struct in_addr *ip wrapper around ads and rpc methods of finds DC's **********************************************************************/ -BOOL get_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out) +BOOL get_dc_name(const char *domain, const char *realm, fstring srv_name, struct in_addr *ip_out) { struct in_addr dc_ip; BOOL ret; 
@@ -167,15 +163,14 @@ BOOL get_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out) ret = False; - if ( strequal(lp_workgroup(), domain) || strequal(lp_realm(), domain) ) + if ( strequal(lp_workgroup(), domain) || strequal(lp_realm(), realm) ) our_domain = True; - /* always try to obey what the admin specified in smb.conf. - If it is not our domain, assume that domain names with periods - in them are realm names */ + /* always try to obey what the admin specified in smb.conf + (for the local domain) */ - if ( (our_domain && lp_security()==SEC_ADS) || strchr_m(domain, '.') ) { - ret = ads_dc_name(domain, &dc_ip, srv_name); + if ( (our_domain && lp_security()==SEC_ADS) || realm ) { + ret = ads_dc_name(domain, realm, &dc_ip, srv_name); } if (!ret) { -- cgit From 675ecdd5babbcf2d87e807e21375a4c0d81dfa14 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 6 May 2004 23:16:52 +0000 Subject: r539: Mem leak fixes from kawasa_r@itg.hitachi.co.jp Jeremy. (This used to be commit 8fe47b0bf27a8ae690ab0fcff377c8fc12919f43) --- source3/libsmb/namequery_dc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source3/libsmb/namequery_dc.c') diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index 31d759e0d2..0c9f19313c 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c @@ -49,8 +49,10 @@ static BOOL ads_dc_name(const char *domain, const char *realm, struct in_addr *d ads_connect(ads); #endif - if (!ads->config.realm) + if (!ads->config.realm) { + ads_destroy(&ads); return False; + } fstrcpy(srv_name, ads->config.ldap_server_name); strupper_m(srv_name); -- cgit From 855e02f1649992f05b685be96dfff4a9140170e9 Mon Sep 17 00:00:00 2001 
From: Gerald Carter Date: Fri, 3 Feb 2006 21:19:24 +0000 Subject: r13310: first round of server affinity patches for winbindd & net ads join (This used to be commit 6c3480f9aecc061660ad5c06347b8f1d3e11a330) --- source3/libsmb/namequery_dc.c | 28 ---------------------------- 1 file changed, 28 deletions(-) (limited to 'source3/libsmb/namequery_dc.c') diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index 0c9f19313c..b9a593bf2a 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c @@ -75,31 +75,10 @@ static BOOL rpc_dc_name(const char *domain, fstring srv_name, struct in_addr *ip struct ip_service *ip_list = NULL; struct in_addr dc_ip, exclude_ip; int count, i; - BOOL use_pdc_only; NTSTATUS result; zero_ip(&exclude_ip); - use_pdc_only = must_use_pdc(domain); - - /* Lookup domain controller name */ - - if ( use_pdc_only && get_pdc_ip(domain, &dc_ip) ) - { - DEBUG(10,("rpc_dc_name: Atempting to lookup PDC to avoid sam sync delays\n")); - - /* check the connection cache and perform the node status - lookup only if the IP is not found to be bad */ - - if (name_status_find(domain, 0x1b, 0x20, dc_ip, srv_name) ) { - result = check_negative_conn_cache( domain, srv_name ); - if ( NT_STATUS_IS_OK(result) ) - goto done; - } - /* Didn't get name, remember not to talk to this DC. */ - exclude_ip = dc_ip; - } - /* get a list of all domain controllers */ if ( !get_sorted_dc_list(domain, &ip_list, &count, False) ) { @@ -109,13 +88,6 @@ static BOOL rpc_dc_name(const char *domain, fstring srv_name, struct in_addr *ip /* Remove the entry we've already failed with (should be the PDC). */ - if ( use_pdc_only ) { - for (i = 0; i < count; i++) { - if (ip_equal( exclude_ip, ip_list[i].ip)) - zero_ip(&ip_list[i].ip); - } - } - for (i = 0; i < count; i++) { if (is_zero_ip(ip_list[i].ip)) continue; -- cgit From c52b3fb89f29110d2c2026a540e5dd39826bb799 Mon Sep 17 00:00:00 2001 
From: Volker Lendecke Date: Mon, 28 Aug 2006 09:19:30 +0000 Subject: r17881: Another microstep towards better error reporting: Make get_sorted_dc_list return NTSTATUS. If we want to differentiate different name resolution problems we might want to introduce yet another error class for Samba-internal errors. Things like no route to host to the WINS server, a DNS server explicitly said host not found etc might be worth passing up. Because we can not stash everything into the existing NT_STATUS codes, what about a Samba-specific error class like NT_STATUS_DOS and NT_STATUS_LDAP? Volker (This used to be commit 60a166f0347170dff38554bed46193ce1226c8c1) --- source3/libsmb/namequery_dc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/libsmb/namequery_dc.c') diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index b9a593bf2a..4afd04a98f 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c @@ -81,7 +81,8 @@ static BOOL rpc_dc_name(const char *domain, fstring srv_name, struct in_addr *ip /* get a list of all domain controllers */ - if ( !get_sorted_dc_list(domain, &ip_list, &count, False) ) { + if (!NT_STATUS_IS_OK(get_sorted_dc_list(domain, &ip_list, &count, + False))) { DEBUG(3, ("Could not look up dc's for domain %s\n", domain)); return False; } -- cgit From 7b7ce43b40888af7d2663e77d8a9e83c383c6b2d Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 30 Aug 2006 05:52:31 +0000 Subject: r17929: Ok, I think I finally figured out where to put the code to redo the CLDAP query to restrict DC DNS lookups to the sitename. Jerry, please check to stop me going insane :-). Jeremy. (This used to be commit 8d22cc111579c57aec65be8884b41564b79b133a) --- source3/libsmb/namequery_dc.c | 54 +++++++++++++++++++++++++++++++++---------- 1 file changed, 42 insertions(+), 12 deletions(-) (limited to 'source3/libsmb/namequery_dc.c') 
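Review bot: In the r17881 hunk the NTSTATUS returned by `get_sorted_dc_list()` is reduced to a boolean inside the `if` and then lost, so the `DEBUG(3, ...)` message still cannot say why the lookup failed, which is what the commit message is after. `rpc_dc_name()` already declares `NTSTATUS result;`, so the value can be kept: `result = get_sorted_dc_list(domain, &ip_list, &count, False);`, then `if (!NT_STATUS_IS_OK(result)) {`, with `nt_errstr(result)` added to the message. The function starts and ends outside the hunk.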
diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index 4afd04a98f..b4ea90fde0 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c 
@@ -26,34 +26,65 @@ #include "includes.h" /************************************************************************** - Find the name and IP address for a server in he realm/domain + Find the name and IP address for a server in the realm/domain *************************************************************************/ -static BOOL ads_dc_name(const char *domain, const char *realm, struct in_addr *dc_ip, fstring srv_name) +static BOOL ads_dc_name(const char *domain, + const char *realm, + struct in_addr *dc_ip, + fstring srv_name) { ADS_STRUCT *ads; + char *sitename = sitename_fetch(); + int i; if (!realm && strequal(domain, lp_workgroup())) realm = lp_realm(); - ads = ads_init(realm, domain, NULL); - if (!ads) - return False; + /* Try this 3 times then give up. */ + for( i =0 ; i < 3; i++) { + ads = ads_init(realm, domain, NULL); + if (!ads) { + SAFE_FREE(sitename); + return False; + } - DEBUG(4,("ads_dc_name: domain=%s\n", domain)); + DEBUG(4,("ads_dc_name: domain=%s\n", domain)); #ifdef HAVE_ADS - /* we don't need to bind, just connect */ - ads->auth.flags |= ADS_AUTH_NO_BIND; - - ads_connect(ads); + /* we don't need to bind, just connect */ + ads->auth.flags |= ADS_AUTH_NO_BIND; + ads_connect(ads); #endif - if (!ads->config.realm) { + if (!ads->config.realm) { + SAFE_FREE(sitename); + ads_destroy(&ads); + return False; + } + + /* Now we've found a server, see if our sitename + has changed. If so, we need to re-do the query + to ensure we only find servers in our site. */ + + if (!sitename_changed(sitename)) { + break; + } + + ads_destroy(&ads); + } + + + if (i == 3) { + DEBUG(1,("ads_dc_name: sitename (now %s) keeps changing ???\n", + sitename)); + SAFE_FREE(sitename); ads_destroy(&ads); return False; } + SAFE_FREE(sitename); + fstrcpy(srv_name, ads->config.ldap_server_name); strupper_m(srv_name); *dc_ip = ads->ldap_ip; @@ -157,4 +188,3 @@ BOOL get_dc_name(const char *domain, const char *realm, fstring srv_name, struct return ret; } - -- cgit 
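Review bot: On the `i == 3` path of `ads_dc_name()` the handle is destroyed twice: an iteration that sees a changed sitename ends with `ads_destroy(&ads)`, and the give-up branch calls `ads_destroy(&ads)` again before `return False`. That is only harmless if `ads_destroy()` clears the caller's pointer and tolerates NULL, which the hunk does not show; dropping the second call removes the question. Separately, `sitename` is fetched once before the loop and never refreshed, so if `sitename_changed()` compares against that copy (an assumption, its body is not visible) the three retries cannot converge; calling `sitename_fetch()` again before retrying would address it. The `DEBUG(1, ...)` line also passes `sitename` to `%s` without a NULL check.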
From bc28b5c7008e5df45fbd6bf413d8177e8ba7c367 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 30 Aug 2006 16:02:08 +0000 Subject: r17933: Don't print a NULL sitename. Jeremy. (This used to be commit 2829dbc3e01d967887e25d1bcacb1d538fc11e59) --- source3/libsmb/namequery_dc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/libsmb/namequery_dc.c') diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index b4ea90fde0..ed71a9816a 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c @@ -76,8 +76,8 @@ static BOOL ads_dc_name(const char *domain, if (i == 3) { - DEBUG(1,("ads_dc_name: sitename (now %s) keeps changing ???\n", - sitename)); + DEBUG(1,("ads_dc_name: sitename (now \"%s\") keeps changing ???\n", + sitename ? sitename : "")); SAFE_FREE(sitename); ads_destroy(&ads); return False; -- cgit From 6fada7a82aa67e7b80ff003bd527092da68542c8 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 31 Aug 2006 01:20:21 +0000 Subject: r17943: The horror, the horror. Add KDC site support by writing out a custom krb5.conf file containing the KDC I need. This may suck.... Needs some testing :-). Jeremy. (This used to be commit d500e1f96d92dfcc6292c448d1b399195f762d89) --- source3/libsmb/namequery_dc.c | 27 ++++++++++++++++++++------- 1 file changed, 20 insertions(+), 7 deletions(-) (limited to 'source3/libsmb/namequery_dc.c') diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index ed71a9816a..4099cc9dd8 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c @@ -38,8 +38,9 @@ static BOOL ads_dc_name(const char *domain, char *sitename = sitename_fetch(); int i; - if (!realm && strequal(domain, lp_workgroup())) + if (!realm && strequal(domain, lp_workgroup())) { realm = lp_realm(); + } /* Try this 3 times then give up. */ for( i =0 ; i < 3; i++) { 
@@ -64,22 +65,34 @@ static BOOL ads_dc_name(const char *domain, } /* Now we've found a server, see if our sitename - has changed. If so, we need to re-do the query + has changed. If so, we need to re-do the DNS query to ensure we only find servers in our site. */ - if (!sitename_changed(sitename)) { - break; + if (sitename_changed(sitename)) { + SAFE_FREE(sitename); + sitename = sitename_fetch(); + ads_destroy(&ads); + continue; } - ads_destroy(&ads); - } +#ifdef HAVE_KRB5 + if ((ads->config.flags & ADS_KDC) && sitename) { + /* We're going to use this KDC for this realm/domain. + If we are using sites, then force the krb5 libs + to use this KDC. */ + create_local_private_krb5_conf_for_domain(realm, + domain, + ads->ldap_ip); + } +#endif + break; + } if (i == 3) { DEBUG(1,("ads_dc_name: sitename (now \"%s\") keeps changing ???\n", sitename ? sitename : "")); SAFE_FREE(sitename); - ads_destroy(&ads); return False; } -- cgit From 2fcd113f5507f643fcf80d5a9770ce72aa121ba8 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 31 Aug 2006 04:14:08 +0000 Subject: r17945: Store the server and client sitenames in the ADS struct so we can see when they match - only create the ugly krb5 hack when they do. Jeremy. (This used to be commit 9be4ecf24b6b5dacf4c2891bddb072fa7543753f) --- source3/libsmb/namequery_dc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/libsmb/namequery_dc.c') diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index 4099cc9dd8..cf01fb269e 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c @@ -68,7 +68,7 @@ static BOOL ads_dc_name(const char *domain, has changed. If so, we need to re-do the DNS query to ensure we only find servers in our site. */ - if (sitename_changed(sitename)) { + if (stored_sitename_changed(sitename)) { SAFE_FREE(sitename); sitename = sitename_fetch(); ads_destroy(&ads); 
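Review bot: The `create_local_private_krb5_conf_for_domain()` call added under `HAVE_KRB5` in r17943 runs for whatever `realm`/`domain` the caller asked about; nothing in the hunk restricts it to the machine's own realm. The commit message describes the helper as writing a custom krb5.conf, so a DC lookup for a trusted domain could presumably change which KDC the krb5 libraries use. The address is `ads->ldap_ip` from a connect that, earlier in the function and outside this hunk, sets `ADS_AUTH_NO_BIND`, so the server has not been authenticated at this point. I would gate the call on the configured realm, `if (strequal(realm, lp_realm()) && (ads->config.flags & ADS_KDC) && sitename) {`, and log a failure if the helper reports one.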
@@ -76,7 +76,7 @@ static BOOL ads_dc_name(const char *domain, } #ifdef HAVE_KRB5 - if ((ads->config.flags & ADS_KDC) && sitename) { + if ((ads->config.flags & ADS_KDC) && ads_sitename_match(ads)) { /* We're going to use this KDC for this realm/domain. If we are using sites, then force the krb5 libs to use this KDC. */ -- cgit From 37be6913fefcd9988f6c15a7b24a0a3429851ea6 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 11 Oct 2006 18:54:40 +0000 Subject: r19249: Attempt to fix a site lookup bug found by Guenther. - "The problem is, with a fresh system, we don't know our sitename, therefor we do a stupid DNS query for all DCs. The reply we get is a round-robin list of all 21 DCs, we just pick the first, contact that and safe that INET.COM#1C query in the name cache for later use... What we need to do if we don't yet know our sitename, is to contact to any DC, get the CLDAP reply to tell us in which site we are, then flush the namecache and requery DNS including the sitename" Implement the flushing of the #1C entries for a given NetBIOS name/realm when looking up the site value. Jeremy. (This used to be commit b2d1e44f59d32c91b1d48eacd1a158ba7b65762d) --- source3/libsmb/namequery_dc.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/libsmb/namequery_dc.c') diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index cf01fb269e..5280118ab8 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c @@ -72,6 +72,9 @@ static BOOL ads_dc_name(const char *domain, SAFE_FREE(sitename); sitename = sitename_fetch(); ads_destroy(&ads); + /* Ensure we don't cache the DC we just connected to. */ + namecache_delete(realm, 0x1C); + namecache_delete(domain, 0x1C); continue; } -- cgit From 61a38bd4b83b7f72b479e84daa5ea89164a92f85 Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Fri, 10 Nov 2006 12:42:50 +0000 Subject: r19651: Fix interesting bug with the automatic site coverage in Active Directory: When having DC-less sites, AD assigns DCs from other sites to that site that does not have it's own DC. The most reliable way for us to identify the nearest DC - in that and all other cases - is the closest_dc flag in the CLDAP reply. Guenther (This used to be commit ff004f7284cb047e738ba3d3ad6602e8aa84e883) --- source3/libsmb/namequery_dc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libsmb/namequery_dc.c') diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index 5280118ab8..ceb8bbd7e6 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c @@ -79,7 +79,7 @@ static BOOL ads_dc_name(const char *domain, } #ifdef HAVE_KRB5 - if ((ads->config.flags & ADS_KDC) && ads_sitename_match(ads)) { + if ((ads->config.flags & ADS_KDC) && ads_closest_dc(ads)) { /* We're going to use this KDC for this realm/domain. If we are using sites, then force the krb5 libs to use this KDC. */ -- cgit From eeb14fcc94ef4c1452e7842c7c2e2532d0915556 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 21 Dec 2006 00:43:21 +0000 Subject: r20296: If we're going to overwrite krb5.conf only do it for our primary domain. Jeremy. (This used to be commit 61d31ce0089fe906d052c971321ce99fede0e240) --- source3/libsmb/namequery_dc.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) (limited to 'source3/libsmb/namequery_dc.c') diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index ceb8bbd7e6..375d39a5fd 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c 
@@ -25,6 +25,24 @@ #include "includes.h" +/********************************************************************** + Is this our primary domain ? +**********************************************************************/ + +#ifdef HAVE_KRB5 +static BOOL is_our_primary_domain(const char *domain) +{ + int role = lp_server_role(); + + if ((role == ROLE_DOMAIN_MEMBER) && strequal(lp_workgroup(), domain)) { + return True; + } else if (strequal(get_global_sam_name(), domain)) { + return True; + } + return False; +} +#endif + /************************************************************************** Find the name and IP address for a server in the realm/domain *************************************************************************/ @@ -79,7 +97,7 @@ static BOOL ads_dc_name(const char *domain, } #ifdef HAVE_KRB5 - if ((ads->config.flags & ADS_KDC) && ads_closest_dc(ads)) { + if (is_our_primary_domain(domain) && (ads->config.flags & ADS_KDC) && ads_closest_dc(ads)) { /* We're going to use this KDC for this realm/domain. If we are using sites, then force the krb5 libs to use this KDC. */ -- cgit From bfd099e148ed97394bc858e746a1a998a71ac43c Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 17 Jan 2007 18:25:35 +0000 Subject: r20857: Silence gives assent :-). Checking in the fix for site support in a network where many DC's are down. I heard via Volker there is still a bug w.r.t the wrong site being chosen with trusted domains but we'll have to layer that fix on top of this. Gd - complain if this doesn't work for you. Jeremy. (This used to be commit 97e248f89ac6548274f03f2ae7583a255da5ddb3) --- source3/libsmb/namequery_dc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/libsmb/namequery_dc.c') diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index 375d39a5fd..a240510b77 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c 
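Review bot: The header comment on the new `is_our_primary_domain()` only restates the name; it should say what the two branches accept and why the helper exists, since the second hunk makes it the gate for `create_local_private_krb5_conf_for_domain()`. Something like `/* True if domain is the workgroup we are a member of, or matches get_global_sam_name(); only then may ads_dc_name() rewrite the private krb5.conf */` would do. The `if`/`else if` pair that both `return True` also reads more directly as one expression: `return ((role == ROLE_DOMAIN_MEMBER) && strequal(lp_workgroup(), domain)) || strequal(get_global_sam_name(), domain);`.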
@@ -104,6 +104,7 @@ static BOOL ads_dc_name(const char *domain, create_local_private_krb5_conf_for_domain(realm, domain, + sitename, ads->ldap_ip); } #endif @@ -146,7 +147,7 @@ static BOOL rpc_dc_name(const char *domain, fstring srv_name, struct in_addr *ip /* get a list of all domain controllers */ - if (!NT_STATUS_IS_OK(get_sorted_dc_list(domain, &ip_list, &count, + if (!NT_STATUS_IS_OK(get_sorted_dc_list(domain, NULL, &ip_list, &count, False))) { DEBUG(3, ("Could not look up dc's for domain %s\n", domain)); return False; -- cgit From e9c294b926c0b831fd936194342ec0564f935798 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 18 Jan 2007 09:58:57 +0000 Subject: r20874: We need to distinguish client sitenames per realm. We were overwriting the stored client sitename with the sitename from each sucessfull CLDAP connection. Guenther (This used to be commit 6a13e878b5d299cb3b3d7cb33ee0d51089d9228d) --- source3/libsmb/namequery_dc.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'source3/libsmb/namequery_dc.c') diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index a240510b77..110b9986b7 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c @@ -53,13 +53,15 @@ static BOOL ads_dc_name(const char *domain, fstring srv_name) { ADS_STRUCT *ads; - char *sitename = sitename_fetch(); + char *sitename; int i; if (!realm && strequal(domain, lp_workgroup())) { realm = lp_realm(); } + sitename = sitename_fetch(realm); + /* Try this 3 times then give up. */ for( i =0 ; i < 3; i++) { ads = ads_init(realm, domain, NULL); 
@@ -86,9 +88,9 @@ static BOOL ads_dc_name(const char *domain, has changed. If so, we need to re-do the DNS query to ensure we only find servers in our site. */ - if (stored_sitename_changed(sitename)) { + if (stored_sitename_changed(realm, sitename)) { SAFE_FREE(sitename); - sitename = sitename_fetch(); + sitename = sitename_fetch(realm); ads_destroy(&ads); /* Ensure we don't cache the DC we just connected to. */ namecache_delete(realm, 0x1C); -- cgit From b304cabb4472ad0e89de5c0c678a10c83ec50ee9 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sat, 21 Apr 2007 20:43:54 +0000 Subject: r22425: Avoid to segfault if we only have the realm. (This used to be commit ace1520270d19d41c24236d4e26ccf77071ebeb9) --- source3/libsmb/namequery_dc.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source3/libsmb/namequery_dc.c') diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index 110b9986b7..65e860d45e 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c @@ -215,6 +215,11 @@ BOOL get_dc_name(const char *domain, const char *realm, fstring srv_name, struct if ( (our_domain && lp_security()==SEC_ADS) || realm ) { ret = ads_dc_name(domain, realm, &dc_ip, srv_name); } + + if (!domain) { + /* if we have only the realm we can't do anything else */ + return False; + } if (!ret) { /* fall back on rpc methods if the ADS methods fail */ -- cgit From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- source3/libsmb/namequery_dc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libsmb/namequery_dc.c') diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index 65e860d45e..0469297605 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c 
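Review bot: In the r22425 hunk the new `if (!domain) return False;` sits after the `ads_dc_name()` call but before the `if (!ret)` fallback, so a realm-only caller gets `False` even when the ADS lookup has just succeeded, and `*ip_out` is never written on that path (the assignment is below the hunk). The guard is only needed to keep a NULL `domain` out of `rpc_dc_name()`, so it belongs inside the fallback: `if (!ret) { if (!domain) return False; ret = rpc_dc_name(domain, srv_name, &dc_ip); }`. `ads_dc_name()` is also still called with the NULL `domain`, and the earlier hunks on this page show it passing that to `DEBUG(4,("ads_dc_name: domain=%s\n", domain))`, so that message needs a `domain ? domain : ""` as well.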
@@ -9,7 +9,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, -- cgit From 5e54558c6dea67b56bbfaba5698f3a434d3dffb6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 00:52:41 +0000 Subject: r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text (This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07) --- source3/libsmb/namequery_dc.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/libsmb/namequery_dc.c') diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index 0469297605..8c6e8e37af 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c @@ -18,8 +18,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ -- cgit From 809c9d4d3136cc46dc228107918ca19d5a008a0a Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 16 Jul 2007 11:08:00 +0000 Subject: r23888: move elements belonging to the current ldap connection to a substructure. metze (This used to be commit 00909194a6c1ed193dfdb296f50f58a53450583c) --- source3/libsmb/namequery_dc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/libsmb/namequery_dc.c') diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index 8c6e8e37af..0c1207d4e5 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c 
@@ -106,7 +106,7 @@ static BOOL ads_dc_name(const char *domain, create_local_private_krb5_conf_for_domain(realm, domain, sitename, - ads->ldap_ip); + ads->ldap.ip); } #endif break; @@ -123,7 +123,7 @@ static BOOL ads_dc_name(const char *domain, fstrcpy(srv_name, ads->config.ldap_server_name); strupper_m(srv_name); - *dc_ip = ads->ldap_ip; + *dc_ip = ads->ldap.ip; ads_destroy(&ads); DEBUG(4,("ads_dc_name: using server='%s' IP=%s\n", -- cgit From 57dd25cccbc0691dd4b84d2dca03497863b355ea Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 16 Jul 2007 14:35:33 +0000 Subject: r23893: add dummy callbacks for LDAP SASL wrapping, they're not used yet... metze (This used to be commit a3b97cdce719d9d5e82f26096c0e8c3a86ff3965) --- source3/libsmb/namequery_dc.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/libsmb/namequery_dc.c') diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index 0c1207d4e5..7dac69e2db 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c @@ -123,7 +123,11 @@ static BOOL ads_dc_name(const char *domain, fstrcpy(srv_name, ads->config.ldap_server_name); strupper_m(srv_name); +#ifdef HAVE_ADS *dc_ip = ads->ldap.ip; +#else + ZERO_STRUCT(*dc_ip); +#endif ads_destroy(&ads); DEBUG(4,("ads_dc_name: using server='%s' IP=%s\n", -- cgit From a747e8bdcfdd45f34324ec72310320927e97e9ad Mon Sep 17 00:00:00 2001 From: Lars Müller Date: Sat, 8 Sep 2007 14:56:11 +0000 Subject: r25032: Contact an off site DC if non is available on site. (This used to be commit 50879e6de5101b6c5ab8b3fb954f1d2a48530716) --- source3/libsmb/namequery_dc.c | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) (limited to 'source3/libsmb/namequery_dc.c') diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index 7dac69e2db..bdac833d13 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c 
@@ -98,15 +98,22 @@ static BOOL ads_dc_name(const char *domain, } #ifdef HAVE_KRB5 - if (is_our_primary_domain(domain) && (ads->config.flags & ADS_KDC) && ads_closest_dc(ads)) { - /* We're going to use this KDC for this realm/domain. - If we are using sites, then force the krb5 libs - to use this KDC. */ - - create_local_private_krb5_conf_for_domain(realm, - domain, - sitename, - ads->ldap.ip); + if (is_our_primary_domain(domain) && (ads->config.flags & ADS_KDC)) { + if (ads_closest_dc(ads)) { + /* We're going to use this KDC for this realm/domain. + If we are using sites, then force the krb5 libs + to use this KDC. */ + + create_local_private_krb5_conf_for_domain(realm, + domain, + sitename, + ads->ldap.ip); + } else { + create_local_private_krb5_conf_for_domain(realm, + domain, + NULL, + ads->ldap.ip); + } } #endif break; -- cgit From 8e54530b52fd256137740107e9fdf000f00a7a30 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 10 Oct 2007 18:25:16 -0700 Subject: Add start of IPv6 implementation. Currently most of this is avoiding IPv6 in winbindd, but moves most of the socket functions that were wrongly in lib/util.c into lib/util_sock.c and provides generic IPv4/6 independent versions of most things. Still lots of work to do, but now I can see how I'll fix the access check code. Nasty part that remains is the name resolution code which is used to returning arrays of in_addr structs. Jeremy. (This used to be commit 3f6bd0e1ec5cc6670f3d08f76fc2cd94c9cd1a08) --- source3/libsmb/namequery_dc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/libsmb/namequery_dc.c') diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index bdac833d13..39215aaa8f 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c 
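Review bot: The two `create_local_private_krb5_conf_for_domain()` calls in the new `if`/`else` of r25032 differ only in the third argument, so the branch can be a single call with `ads_closest_dc(ads) ? sitename : NULL` in that position, which keeps the other arguments from drifting apart in later edits. The existing comment now covers only the closest-DC branch, while the `else` branch, which is the behaviour this commit adds, has none; a line such as `/* not the closest DC: still use this KDC, but pass no site name */` would explain it. `ads_dc_name()` starts and ends outside the hunk.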
@@ -155,7 +155,7 @@ static BOOL rpc_dc_name(const char *domain, fstring srv_name, struct in_addr *ip int count, i; NTSTATUS result; - zero_ip(&exclude_ip); + zero_ip_v4(&exclude_ip); /* get a list of all domain controllers */ @@ -168,7 +168,7 @@ static BOOL rpc_dc_name(const char *domain, fstring srv_name, struct in_addr *ip /* Remove the entry we've already failed with (should be the PDC). */ for (i = 0; i < count; i++) { - if (is_zero_ip(ip_list[i].ip)) + if (is_zero_ip_v4(ip_list[i].ip)) continue; if (name_status_find(domain, 0x1c, 0x20, ip_list[i].ip, srv_name)) { @@ -212,7 +212,7 @@ BOOL get_dc_name(const char *domain, const char *realm, fstring srv_name, struct BOOL ret; BOOL our_domain = False; - zero_ip(&dc_ip); + zero_ip_v4(&dc_ip); ret = False; -- cgit From 30191d1a5704ad2b158386b511558972d539ce47 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 18 Oct 2007 17:40:25 -0700 Subject: RIP BOOL. Convert BOOL -> bool. I found a few interesting bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f) --- source3/libsmb/namequery_dc.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source3/libsmb/namequery_dc.c') diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index 39215aaa8f..16d8414b8f 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c @@ -29,7 +29,7 @@ **********************************************************************/ #ifdef HAVE_KRB5 -static BOOL is_our_primary_domain(const char *domain) +static bool is_our_primary_domain(const char *domain) { int role = lp_server_role(); 
@@ -46,7 +46,7 @@ static BOOL is_our_primary_domain(const char *domain) Find the name and IP address for a server in the realm/domain *************************************************************************/ -static BOOL ads_dc_name(const char *domain, +static bool ads_dc_name(const char *domain, const char *realm, struct in_addr *dc_ip, fstring srv_name) @@ -148,7 +148,7 @@ static BOOL ads_dc_name(const char *domain, valid since we have already done a name_status_find on it ***************************************************************************/ -static BOOL rpc_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out) +static bool rpc_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out) { struct ip_service *ip_list = NULL; struct in_addr dc_ip, exclude_ip; @@ -206,11 +206,11 @@ static BOOL rpc_dc_name(const char *domain, fstring srv_name, struct in_addr *ip wrapper around ads and rpc methods of finds DC's **********************************************************************/ -BOOL get_dc_name(const char *domain, const char *realm, fstring srv_name, struct in_addr *ip_out) +bool get_dc_name(const char *domain, const char *realm, fstring srv_name, struct in_addr *ip_out) { struct in_addr dc_ip; - BOOL ret; - BOOL our_domain = False; + bool ret; + bool our_domain = False; zero_ip_v4(&dc_ip); -- cgit From f88b7a076be74a29a3bf876b4e2705f4a1ecf42b Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Wed, 24 Oct 2007 14:16:54 -0700 Subject: This is a large patch (sorry). Migrate from struct in_addr to struct sockaddr_storage in most places that matter (ie. not the nmbd and NetBIOS lookups). This passes make test on an IPv4 box, but I'll have to do more work/testing on IPv6 enabled boxes. This should now give us a framework for testing and finishing the IPv6 migration. It's at the state where someone with a working IPv6 setup should (theorecically) be able to type : smbclient //ipv6-address/share and have it work. Jeremy. (This used to be commit 98e154c3125d5732c37a72d74b0eb5cd7b6155fd) --- source3/libsmb/namequery_dc.c | 75 +++++++++++++++++++++++-------------------- 1 file changed, 40 insertions(+), 35 deletions(-) (limited to 'source3/libsmb/namequery_dc.c') diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index 16d8414b8f..0fa4b93990 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c @@ -48,12 +48,13 @@ static bool is_our_primary_domain(const char *domain) static bool ads_dc_name(const char *domain, const char *realm, - struct in_addr *dc_ip, + struct sockaddr_storage *dc_ss, fstring srv_name) { ADS_STRUCT *ads; char *sitename; int i; + char addr[INET6_ADDRSTRLEN]; if (!realm && strequal(domain, lp_workgroup())) { realm = lp_realm(); @@ -107,12 +108,12 @@ static bool ads_dc_name(const char *domain, create_local_private_krb5_conf_for_domain(realm, domain, sitename, - ads->ldap.ip); + &ads->ldap.ss); } else { create_local_private_krb5_conf_for_domain(realm, domain, NULL, - ads->ldap.ip); + &ads->ldap.ss); } } #endif 
@@ -131,34 +132,36 @@ static bool ads_dc_name(const char *domain, fstrcpy(srv_name, ads->config.ldap_server_name); strupper_m(srv_name); #ifdef HAVE_ADS - *dc_ip = ads->ldap.ip; + *dc_ss = ads->ldap.ss; #else - ZERO_STRUCT(*dc_ip); + zero_addr(dc_ss,AF_INET); #endif ads_destroy(&ads); - + + print_sockaddr(addr, sizeof(addr), dc_ss); DEBUG(4,("ads_dc_name: using server='%s' IP=%s\n", - srv_name, inet_ntoa(*dc_ip))); - + srv_name, addr)); + return True; } /**************************************************************************** - Utility function to return the name of a DC. The name is guaranteed to be - valid since we have already done a name_status_find on it + Utility function to return the name of a DC. The name is guaranteed to be + valid since we have already done a name_status_find on it ***************************************************************************/ -static bool rpc_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out) +static bool rpc_dc_name(const char *domain, + fstring srv_name, + struct sockaddr_storage *ss_out) { struct ip_service *ip_list = NULL; - struct in_addr dc_ip, exclude_ip; + struct sockaddr_storage dc_ss; int count, i; NTSTATUS result; - - zero_ip_v4(&exclude_ip); + char addr[INET6_ADDRSTRLEN]; /* get a list of all domain controllers */ - + if (!NT_STATUS_IS_OK(get_sorted_dc_list(domain, NULL, &ip_list, &count, False))) { DEBUG(3, ("Could not look up dc's for domain %s\n", domain)); 
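Review bot: The header comment kept above rpc_dc_name still says the name is "guaranteed to be valid since we have already done a name_status_find on it", which overstates what that lookup proves. name_status_find is called in the next hunk with an address taken from the DC list, and as far as I can tell it is a NetBIOS node-status query, which carries no authentication. The reply shows only that some host at that address answered with that name. I would reword the comment to something like `/* Returns the name reported by a DC that answered name_status_find; the reply is unauthenticated, so callers must still authenticate the server before trusting it. */`. The body of rpc_dc_name continues past the end of this hunk.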
@@ -168,35 +171,34 @@ static bool rpc_dc_name(const char *domain, fstring srv_name, struct in_addr *ip /* Remove the entry we've already failed with (should be the PDC). */ for (i = 0; i < count; i++) { - if (is_zero_ip_v4(ip_list[i].ip)) + if (is_zero_addr(&ip_list[i].ss)) continue; - if (name_status_find(domain, 0x1c, 0x20, ip_list[i].ip, srv_name)) { + if (name_status_find(domain, 0x1c, 0x20, &ip_list[i].ss, srv_name)) { result = check_negative_conn_cache( domain, srv_name ); if ( NT_STATUS_IS_OK(result) ) { - dc_ip = ip_list[i].ip; + dc_ss = ip_list[i].ss; goto done; } } } - SAFE_FREE(ip_list); /* No-one to talk to )-: */ return False; /* Boo-hoo */ - + done: /* We have the netbios name and IP address of a domain controller. Ideally we should sent a SAMLOGON request to determine whether the DC is alive and kicking. If we can catch a dead DC before performing a cli_connect() we can avoid a 30-second timeout. */ + print_sockaddr(addr, sizeof(addr), &dc_ss); DEBUG(3, ("rpc_dc_name: Returning DC %s (%s) for domain %s\n", srv_name, - inet_ntoa(dc_ip), domain)); - - *ip_out = dc_ip; + addr, domain)); + *ss_out = dc_ss; SAFE_FREE(ip_list); return True; 
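Review bot: The comment above the loop, `/* Remove the entry we've already failed with (should be the PDC). */`, no longer describes the code. This commit drops exclude_ip from rpc_dc_name, and the loop only skips entries for which is_zero_addr() is true. I would replace it with `/* Skip list entries whose address is unset. */`, adding who zeroes such entries if that is known. rpc_dc_name starts before this hunk and ends after it.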
@@ -206,37 +208,40 @@ static bool rpc_dc_name(const char *domain, fstring srv_name, struct in_addr *ip wrapper around ads and rpc methods of finds DC's **********************************************************************/ -bool get_dc_name(const char *domain, const char *realm, fstring srv_name, struct in_addr *ip_out) +bool get_dc_name(const char *domain, + const char *realm, + fstring srv_name, + struct sockaddr_storage *ss_out) { - struct in_addr dc_ip; + struct sockaddr_storage dc_ss; bool ret; bool our_domain = False; - zero_ip_v4(&dc_ip); + zero_addr(&dc_ss, AF_INET); ret = False; - + if ( strequal(lp_workgroup(), domain) || strequal(lp_realm(), realm) ) our_domain = True; - - /* always try to obey what the admin specified in smb.conf + + /* always try to obey what the admin specified in smb.conf (for the local domain) */ - + if ( (our_domain && lp_security()==SEC_ADS) || realm ) { - ret = ads_dc_name(domain, realm, &dc_ip, srv_name); + ret = ads_dc_name(domain, realm, &dc_ss, srv_name); } if (!domain) { /* if we have only the realm we can't do anything else */ return False; } - + if (!ret) { /* fall back on rpc methods if the ADS methods fail */ - ret = rpc_dc_name(domain, srv_name, &dc_ip); + ret = rpc_dc_name(domain, srv_name, &dc_ss); } - - *ip_out = dc_ip; + + *ss_out = dc_ss; return ret; } -- cgit From d4307679b95088d05f0abad440de5e961ee965df Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 27 Oct 2007 20:29:36 -0700 Subject: Change all occurrences of zero_addr(&ss,AF_INET) to zero_addr(&ss). All current uses were always of the AF_INET form, so simplify the call. If in the future we need to zero an addr to AF_INET6 this can be done separately. Jeremy. (This used to be commit 2e92418a138bf2738b77b7e0fcb2fa37ad84fc0c) --- source3/libsmb/namequery_dc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/libsmb/namequery_dc.c') 
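Review bot: In get_dc_name the `if (!domain)` path returns False without writing `*ss_out`, while every other path stores `dc_ss` there. A caller that reads the address after a failed call sees whatever was already in its buffer, and srv_name may have been filled by ads_dc_name() even though the call reports failure. Moving `*ss_out = dc_ss;` above that check would make the output consistent on every return path. The NULL test also comes after `domain` has been passed to strequal() and ads_dc_name(), so if a NULL domain is a supported input it is worth confirming that both tolerate it.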
diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index 0fa4b93990..06926a762b 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c @@ -134,7 +134,7 @@ static bool ads_dc_name(const char *domain, #ifdef HAVE_ADS *dc_ss = ads->ldap.ss; #else - zero_addr(dc_ss,AF_INET); + zero_addr(dc_ss); #endif ads_destroy(&ads); @@ -217,7 +217,7 @@ bool get_dc_name(const char *domain, bool ret; bool our_domain = False; - zero_addr(&dc_ss, AF_INET); + zero_addr(&dc_ss); ret = False; -- cgit From bcbac69d1a38e128ffe8b763ac027d6eab33dcec Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 21 Apr 2008 19:59:27 +0200 Subject: cldap: avoid duplicate definitions so remove ads_cldap.h. Guenther (This used to be commit 538eefe22ad69540b9f73ffaa613d6be045de199) --- source3/libsmb/namequery_dc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libsmb/namequery_dc.c') diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index 06926a762b..d080f8f0b7 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c @@ -99,7 +99,7 @@ static bool ads_dc_name(const char *domain, } #ifdef HAVE_KRB5 - if (is_our_primary_domain(domain) && (ads->config.flags & ADS_KDC)) { + if (is_our_primary_domain(domain) && (ads->config.flags & NBT_SERVER_KDC)) { if (ads_closest_dc(ads)) { /* We're going to use this KDC for this realm/domain. If we are using sites, then force the krb5 libs -- cgit