root/source3/libsmb/namequery_dc.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. is_our_primary_domain
  2. ads_dc_name
  3. rpc_dc_name
  4. get_dc_name

   1 /* 
   2    Unix SMB/CIFS implementation.
   3 
   4    Winbind daemon connection manager
   5 
   6    Copyright (C) Tim Potter 2001
   7    Copyright (C) Andrew Bartlett 2002
   8    Copyright (C) Gerald Carter 2003
   9    
  10    This program is free software; you can redistribute it and/or modify
  11    it under the terms of the GNU General Public License as published by
  12    the Free Software Foundation; either version 3 of the License, or
  13    (at your option) any later version.
  14    
  15    This program is distributed in the hope that it will be useful,
  16    but WITHOUT ANY WARRANTY; without even the implied warranty of
  17    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  18    GNU General Public License for more details.
  19    
  20    You should have received a copy of the GNU General Public License
  21    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  22 */
  23 
  24 
  25 #include "includes.h"
  26 
  27 /**********************************************************************
  28  Is this our primary domain ?
  29 **********************************************************************/
  30 
  31 #ifdef HAVE_KRB5
  32 static bool is_our_primary_domain(const char *domain)
     /* [<][>][^][v][top][bottom][index][help] */
  33 {
  34         int role = lp_server_role();
  35 
  36         if ((role == ROLE_DOMAIN_MEMBER) && strequal(lp_workgroup(), domain)) {
  37                 return True;
  38         } else if (strequal(get_global_sam_name(), domain)) {
  39                 return True;
  40         }
  41         return False;
  42 }
  43 #endif
  44 
  45 /**************************************************************************
  46  Find the name and IP address for a server in the realm/domain
  47  *************************************************************************/
  48  
  49 static bool ads_dc_name(const char *domain,
     /* [<][>][^][v][top][bottom][index][help] */
  50                         const char *realm,
  51                         struct sockaddr_storage *dc_ss,
  52                         fstring srv_name)
  53 {
  54         ADS_STRUCT *ads;
  55         char *sitename;
  56         int i;
  57         char addr[INET6_ADDRSTRLEN];
  58 
  59         if (!realm && strequal(domain, lp_workgroup())) {
  60                 realm = lp_realm();
  61         }
  62 
  63         sitename = sitename_fetch(realm);
  64 
  65         /* Try this 3 times then give up. */
  66         for( i =0 ; i < 3; i++) {
  67                 ads = ads_init(realm, domain, NULL);
  68                 if (!ads) {
  69                         SAFE_FREE(sitename);
  70                         return False;
  71                 }
  72 
  73                 DEBUG(4,("ads_dc_name: domain=%s\n", domain));
  74 
  75 #ifdef HAVE_ADS
  76                 /* we don't need to bind, just connect */
  77                 ads->auth.flags |= ADS_AUTH_NO_BIND;
  78                 ads_connect(ads);
  79 #endif
  80 
  81                 if (!ads->config.realm) {
  82                         SAFE_FREE(sitename);
  83                         ads_destroy(&ads);
  84                         return False;
  85                 }
  86 
  87                 /* Now we've found a server, see if our sitename
  88                    has changed. If so, we need to re-do the DNS query
  89                    to ensure we only find servers in our site. */
  90 
  91                 if (stored_sitename_changed(realm, sitename)) {
  92                         SAFE_FREE(sitename);
  93                         sitename = sitename_fetch(realm);
  94                         ads_destroy(&ads);
  95                         /* Ensure we don't cache the DC we just connected to. */
  96                         namecache_delete(realm, 0x1C);
  97                         namecache_delete(domain, 0x1C);
  98                         continue;
  99                 }
 100 
 101 #ifdef HAVE_KRB5
 102                 if (is_our_primary_domain(domain) && (ads->config.flags & NBT_SERVER_KDC)) {
 103                         if (ads_closest_dc(ads)) {
 104                                 /* We're going to use this KDC for this realm/domain.
 105                                    If we are using sites, then force the krb5 libs
 106                                    to use this KDC. */
 107 
 108                                 create_local_private_krb5_conf_for_domain(realm,
 109                                                                         domain,
 110                                                                         sitename,
 111                                                                         &ads->ldap.ss);
 112                         } else {
 113                                 create_local_private_krb5_conf_for_domain(realm,
 114                                                                         domain,
 115                                                                         NULL,
 116                                                                         &ads->ldap.ss);
 117                         }
 118                 }
 119 #endif
 120                 break;
 121         }
 122 
 123         if (i == 3) {
 124                 DEBUG(1,("ads_dc_name: sitename (now \"%s\") keeps changing ???\n",
 125                         sitename ? sitename : ""));
 126                 SAFE_FREE(sitename);
 127                 return False;
 128         }
 129 
 130         SAFE_FREE(sitename);
 131 
 132         fstrcpy(srv_name, ads->config.ldap_server_name);
 133         strupper_m(srv_name);
 134 #ifdef HAVE_ADS
 135         *dc_ss = ads->ldap.ss;
 136 #else
 137         zero_sockaddr(dc_ss);
 138 #endif
 139         ads_destroy(&ads);
 140 
 141         print_sockaddr(addr, sizeof(addr), dc_ss);
 142         DEBUG(4,("ads_dc_name: using server='%s' IP=%s\n",
 143                  srv_name, addr));
 144 
 145         return True;
 146 }
 147 
 148 /****************************************************************************
 149  Utility function to return the name of a DC. The name is guaranteed to be
 150  valid since we have already done a name_status_find on it
 151  ***************************************************************************/
 152 
 153 static bool rpc_dc_name(const char *domain,
     /* [<][>][^][v][top][bottom][index][help] */
 154                         fstring srv_name,
 155                         struct sockaddr_storage *ss_out)
 156 {
 157         struct ip_service *ip_list = NULL;
 158         struct sockaddr_storage dc_ss;
 159         int count, i;
 160         NTSTATUS result;
 161         char addr[INET6_ADDRSTRLEN];
 162 
 163         /* get a list of all domain controllers */
 164 
 165         if (!NT_STATUS_IS_OK(get_sorted_dc_list(domain, NULL, &ip_list, &count,
 166                                                 False))) {
 167                 DEBUG(3, ("Could not look up dc's for domain %s\n", domain));
 168                 return False;
 169         }
 170 
 171         /* Remove the entry we've already failed with (should be the PDC). */
 172 
 173         for (i = 0; i < count; i++) {
 174                 if (is_zero_addr((struct sockaddr *)&ip_list[i].ss))
 175                         continue;
 176 
 177                 if (name_status_find(domain, 0x1c, 0x20, &ip_list[i].ss, srv_name)) {
 178                         result = check_negative_conn_cache( domain, srv_name );
 179                         if ( NT_STATUS_IS_OK(result) ) {
 180                                 dc_ss = ip_list[i].ss;
 181                                 goto done;
 182                         }
 183                 }
 184         }
 185 
 186         SAFE_FREE(ip_list);
 187 
 188         /* No-one to talk to )-: */
 189         return False;           /* Boo-hoo */
 190 
 191  done:
 192         /* We have the netbios name and IP address of a domain controller.
 193            Ideally we should sent a SAMLOGON request to determine whether
 194            the DC is alive and kicking.  If we can catch a dead DC before
 195            performing a cli_connect() we can avoid a 30-second timeout. */
 196 
 197         print_sockaddr(addr, sizeof(addr), &dc_ss);
 198         DEBUG(3, ("rpc_dc_name: Returning DC %s (%s) for domain %s\n", srv_name,
 199                   addr, domain));
 200 
 201         *ss_out = dc_ss;
 202         SAFE_FREE(ip_list);
 203 
 204         return True;
 205 }
 206 
 207 /**********************************************************************
 208  wrapper around ads and rpc methods of finds DC's
 209 **********************************************************************/
 210 
 211 bool get_dc_name(const char *domain,
     /* [<][>][^][v][top][bottom][index][help] */
 212                 const char *realm,
 213                 fstring srv_name,
 214                 struct sockaddr_storage *ss_out)
 215 {
 216         struct sockaddr_storage dc_ss;
 217         bool ret;
 218         bool our_domain = False;
 219 
 220         zero_sockaddr(&dc_ss);
 221 
 222         ret = False;
 223 
 224         if ( strequal(lp_workgroup(), domain) || strequal(lp_realm(), realm) )
 225                 our_domain = True;
 226 
 227         /* always try to obey what the admin specified in smb.conf
 228            (for the local domain) */
 229 
 230         if ( (our_domain && lp_security()==SEC_ADS) || realm ) {
 231                 ret = ads_dc_name(domain, realm, &dc_ss, srv_name);
 232         }
 233 
 234         if (!domain) {
 235                 /* if we have only the realm we can't do anything else */
 236                 return False;
 237         }
 238 
 239         if (!ret) {
 240                 /* fall back on rpc methods if the ADS methods fail */
 241                 ret = rpc_dc_name(domain, srv_name, &dc_ss);
 242         }
 243 
 244         *ss_out = dc_ss;
 245 
 246         return ret;
 247 }

/* [<][>][^][v][top][bottom][index][help] */